Chapter 1. Introduction to Red Hat Identity Management
1.1. The Goal of Red Hat Identity Management
- Advanced features of Linux operating system environments
- Unifying large groups of Linux machines
- Native integration with Active Directory
- IdM builds on existing, native Linux tools and protocols. It has its own processes and configuration, but its underlying technologies are well-established on Linux systems and trusted by Linux administrators.
- IdM servers and clients are Red Hat Enterprise Linux machines. However, even though IdM does not support Windows clients directly, it allows integration with an Active Directory environment.
Note: This guide describes using IdM in Linux environments only. For more information on integration with Active Directory, see the Windows Integration Guide. For information on the Samba suite, which allows integrating Linux machines into an Active Directory environment, see the Using Samba, Kerberos, and Winbind chapter in the Windows Integration Guide. If you use Samba as a server, note that integrating the server into the IdM domain and authenticating users connecting to the Samba server against the IdM or a trusted Active Directory domain is not supported.
1.1.1. Examples of Benefits Brought by IdM
- Managing identities and policies with several Linux servers
- Without IdM: Each server is administered separately. All passwords are saved on the local machines. The IT administrator manages users on every machine, sets authentication and authorization policies separately, and maintains local passwords.
- With IdM: The IT administrator can:
- Maintain the identities in one central place: the IdM server
- Apply policies uniformly to multiple machines at the same time
- Set different access levels for users by using host-based access control, delegation, and other rules
- Centrally manage privilege escalation rules
- Define how home directories are mounted
- Enterprise single sign-on
- Without IdM: Users log in to the system and are prompted for a password every single time they access a service or application. These passwords might be different, and the users have to remember which credential to use for which application.
- With IdM: After users log in to the system, they can access multiple services and applications without being repeatedly asked for their credentials. This helps:
- Improve usability
- Reduce the security risk of passwords being written down or stored insecurely
- Boost user productivity
- Managing a mixed Linux and Windows environment
- Without IdM: Windows systems are managed in an Active Directory forest, but development, production, and other teams have many Linux systems. The Linux systems are excluded from the Active Directory environment.
- With IdM: The IT administrator can:
- Manage the Linux systems using native Linux tools
- Integrate the Linux systems with the Windows systems, thus preserving a centralized user store
- Expand the Linux base easily
- Separate management of Linux and Active Directory machines and enable Linux and Windows admins to control their environment directly
1.1.2. Contrasting Identity Management with a Standard LDAP Directory
- A standard LDAP directory:
- Schema: a flexible schema that can be customized for a vast array of entries, such as users, machines, network entities, physical equipment, or buildings.
- Typically used as: a back-end directory to store data for other applications, such as business applications that provide services on the Internet.
- Identity Management:
- Schema: a specific schema that defines a particular set of entries relevant to its purpose, such as entries for user or machine identities.
- Typically used as: the identity and authentication server to manage identities within the boundaries of an enterprise or a project.
- For a comparison of the two, see Identity Management or Red Hat Directory Server – Which One Should I Use? on the Red Hat Enterprise Linux Blog.