I have all done this, so from what you write I think IPA would be a good fit
for what you want, except that is the single sign on bit I have not looked to
see if that can be done. For http restart you control that via sudo in IPA so
its centrally managed, I have this working for one such server though I use the
reload option instead.
I would also not run one instance of IPA myself but with such a small site
that's your call.
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Bob Sauvage [bob.sauv...@gmx.fr]
Sent: Wednesday, 23 January 2013 9:51 a.m.
Subject: [Freeipa-users] Some interrogations about the freeipa deployment
I plan to review the network architecture of my office. 10 Windows/Linux
desktops and 2 Linux servers will be deployed on the network.
I want to install freeipa on the first server to act like an AD DS. I want to
authenticate users on the server and controlling what can be done or not by
them on the network. 10 other linux web servers should be accessible (console)
by specific users and without the need to authenticating again (single sign
on). On these web servers, users can issue specific commands like
Is it possible to achive this with freeipa ? Do you have some articles ?
Thanks in advance,
Freeipa-users mailing list