On 05/11/2012 02:18 PM, Chandan Kumar wrote:
Hi All,

I was considering different centralized authentication/authorization
services such as FreeIPA, 389 and Open ldap to deploy into our network
in order to have a good centralized user authentication/authorization
machanism. I was wondering what are they key that FreeIPA provides as
compared to other directory servies in terms of extra feature, ease of
deployment and use etc.

FreeIPA is an integrated solution that includes DNS, kerberos SSO, host management, HBAC, role based authorization, integration with SSSD, sophisticated group management, sudo support, certificate management, can replace NIS and netgroups, supports replication for redundant servers, etc. It supports both a scriptable command line utility set as well as a web based GUI. The next version will include support for cross realm trusts allowing for powerful integration with Active Directory.

FreeIPA is built on top of 389 DS, MIT Kerberos KDC and the Dogtag certificate management system. Openldap is well, just an LDAP server (some assembly required).

The whole idea of FreeIPA is to take the basic primitive services supplied by an LDAP server but make it vastly more powerful by layering a lot of sophisticated functionality on top it which is fully integrated and easy to use.

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to