On 03/27/2012 04:32 AM, Oguz Yilmaz wrote: > Hello, > > I plan to implement a common authentication and authorization system > for several Linux applications. My research has redirected me to > FreeIPA, and I am happy to know about such a good project. > > However, I dont have any purpose of managing non-windows computers and > users. This is a one gateway box, single machine system. > > My planned system has several services, Some examples to use that AA > system is: xl2tpd, pptpd, openvpn, squid and some custom made web > applications. > > I need the following functions for those services and applications: > > - User authentication > - User roles and authorization (vpnuser, manager, webuser...) > - User, role and credentials management (creating users by admin, > passsword changes by users,...) > - AD and radius sync or proxying AA. > > The services can be connected to the AA system through an > authenticator system binary. Binary is called with user credentials > and service requesting AA; and results in grant or reject. System > services may use this binary for checking authentication and > authorization. > > Do you think FreeIPA is a good choice? What would you suggest, otherwise? >
>From the high level yes it seems like a good choice but devil is in details. IPA does everything you listed but it might do it in a different way from how you envision it. You might find that a pure DS server would be more flexible for you. But it would not be clear up until you give it a try. I suggest you give it a try and make your mind based on the experience and quick evaluation. Looking at your requirements I would bet that IPA would work for you just fine. This authenticator system binary that you mention is it a custom code or something off the shelf? Is it ldap based or uses PAM? Is it something like kinit? > Best Regards, > > > -- > Oguz YILMAZ > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users