5. Authentication and Interoperability

System Security Services Daemon (SSSD)

The System Security Services Daemon (SSSD) implements a set of services for central management of identity and authentication. Centralizing identity and authentication services enables local caching of identities, so that users can still be identified when the connection to the server is interrupted. SSSD supports many types of identity and authentication services, including Red Hat Directory Server, OpenLDAP, 389, Kerberos and LDAP. SSSD in Red Hat Enterprise Linux 6.1 is updated to version 1.5, providing the following bug fixes and enhancements:

  • Netgroups support
  • Improved online/offline detection
  • Improved LDAP access-control provider with support for shadow and authorizedService
  • Improved caching and cleanup logic for different schemata
  • Improved DNS based discovery
  • Automatic Kerberos ticket renewal
  • Enablement of the Kerberos FAST protocol
  • Better handling of password expiration

Note

The Deployment Guide contains a section that describes how to install and configure SSSD.

IPA

Red Hat Enterprise Linux 6.1 features IPA as a Technology Preview. IPA is an integrated security information management solution which combines Red Hat Enterprise Linux, Red Hat Directory Server, MIT Kerberos, and NTP. It provides web browser and command-line interfaces, and its numerous administration tools allow an administrator to quickly install, set up, and administer one or more servers for centralized authentication and identity management.

Note

The Enterprise Identity Management Guide contains further information on the IPA Technology Preview.

Samba

Samba is an open source implementation of the Common Internet File System (CIFS) protocol. It allows Microsoft Windows, Linux, UNIX, and other operating systems to be networked together, enabling access to Windows-based file and printer shares. Samba in Red Hat Enterprise Linux 6.1 is updated to version 3.5.6.

Samba in Red Hat Enterprise Linux 6.1 allows users to use their own Kerberos credentials when accessing a CIFS mount, rather than needing the same mount credentials for all access to the mount.

FreeRADIUS

FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol, as defined in RFC 2865 (and others). It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. FreeRADIUS in Red Hat Enterprise Linux 6.1 is updated to version 2.1.10.

Kerberos

Kerberos is a networked authentication system which allows users and computers to authenticate to each other with the help of a trusted third party, the KDC. In Red Hat Enterprise Linux 6.1, Kerberos (supplied by the krb5 package) is updated to version 1.9.