Thanks John for reply.

Ok. So basically it integrate various subsystems required to have a full
fledged AAA system and give the end user a single controlling interface to
control various components.

So will its webgui enable to control 389, Krb and Radius configurations
too? Because if I see each of these components individually each needs to
be setup separately with lot of pain.


On Fri, May 11, 2012 at 12:23 PM, John Dennis <> wrote:

> On 05/11/2012 02:18 PM, Chandan Kumar wrote:
>> Hi All,
>> I was considering different centralized authentication/authorization
>> services such as FreeIPA, 389 and Open ldap to deploy into our network
>> in order to have a good centralized user authentication/authorization
>> machanism. I was wondering what are they key that FreeIPA provides as
>> compared to other directory servies in terms of extra feature, ease of
>> deployment and use etc.
> FreeIPA is an integrated solution that includes DNS, kerberos SSO, host
> management, HBAC, role based authorization, integration with SSSD,
> sophisticated group management, sudo support, certificate management, can
> replace NIS and netgroups, supports replication for redundant servers, etc.
> It supports both a scriptable command line utility set as well as a web
> based GUI. The next version will include support for cross realm trusts
> allowing for powerful integration with Active Directory.
> FreeIPA is built on top of 389 DS, MIT Kerberos KDC and the Dogtag
> certificate management system. Openldap is well, just an LDAP server (some
> assembly required).
> The whole idea of FreeIPA is to take the basic primitive services supplied
> by an LDAP server but make it vastly more powerful by layering a lot of
> sophisticated functionality on top it which is fully integrated and easy to
> use.
> --
> John Dennis <>
> Looking to carve out IT costs?
Freeipa-users mailing list

Reply via email to