On 05/11/2012 02:18 PM, Chandan Kumar wrote:
I was considering different centralized authentication/authorization
services such as FreeIPA, 389 and Open ldap to deploy into our network
in order to have a good centralized user authentication/authorization
machanism. I was wondering what are they key that FreeIPA provides as
compared to other directory servies in terms of extra feature, ease of
deployment and use etc.
FreeIPA is an integrated solution that includes DNS, kerberos SSO, host
management, HBAC, role based authorization, integration with SSSD,
sophisticated group management, sudo support, certificate management,
can replace NIS and netgroups, supports replication for redundant
servers, etc. It supports both a scriptable command line utility set as
well as a web based GUI. The next version will include support for cross
realm trusts allowing for powerful integration with Active Directory.
FreeIPA is built on top of 389 DS, MIT Kerberos KDC and the Dogtag
certificate management system. Openldap is well, just an LDAP server
(some assembly required).
The whole idea of FreeIPA is to take the basic primitive services
supplied by an LDAP server but make it vastly more powerful by layering
a lot of sophisticated functionality on top it which is fully integrated
and easy to use.
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
Freeipa-users mailing list