I have all done this, so from what you write I think IPA would be a good fit 
for what you want, except that is the single sign on bit I have not looked to 
see if that can be done. For http restart you control that via sudo in IPA so 
its centrally managed, I have this working for one such server though I use the 
reload option instead.

I would also not run one instance of IPA myself but with such a small site 
that's your call.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Bob Sauvage [bob.sauv...@gmx.fr]
Sent: Wednesday, 23 January 2013 9:51 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Some interrogations about the freeipa deployment

Hi *,

I plan to review the network architecture of my office. 10 Windows/Linux 
desktops and 2 Linux servers will be deployed on the network.

I want to install freeipa on the first server to act like an AD DS. I want to 
authenticate users on the server and controlling what can be done or not by 
them on the network. 10 other linux web servers should be accessible (console) 
by specific users and without the need to authenticating again (single sign 
on). On these web servers,  users can issue specific commands like 
"/etc/init.d/httpd restart".

Is it possible to achive this with freeipa ?  Do you have some articles ?

Thanks in advance,

Bob !
Freeipa-users mailing list

Reply via email to