Language and Page Formatting Options
Chapter 3. Installing and Uninstalling Identity Management Clients
This chapter explains how to configure a system to join an Identity Management (IdM) domain as a client machine enrolled with a server.
See Section 1.2, “The Identity Management Domain” for details on clients and servers in the IdM domain.
3.1. Prerequisites for Installing a Client
- DNS requirements
- Employ proper DNS delegation. For details on DNS requirements in IdM, see Section 2.1.5, “Host Name and DNS Configuration”.Do not alter the
resolv.conffile on clients.
- Port requirements
- IdM clients connect to a number of ports on IdM servers to communicate with their services. These ports must be open on the IdM servers in the incoming direction. For more information on which ports IdM requires, see Section 2.1.6, “Port Requirements”.On a client, open these ports in the outgoing direction. If you are using a firewall that does not filter outgoing packets, such as
firewalld, the ports are already available in the outgoing direction.
- Name Service Cache Daemon (NSCD) requirements
- Red Hat recommends to disable NSCD on Identity Management machines. Alternatively, if disabling NSCD is not possible, only enable NSCD for maps that SSSD does not cache.Both NSCD and the SSSD service perform caching, and problems can occur when systems use both services simultaneously. See the System-Level Authentication Guide for information on how to avoid conflicts between NSCD and SSSD.
3.1.1. Prerequisites for Installing a Client in a FIPS Environment
In environments set up using Red Hat Enterprise Linux 7.4 and later:
- You can configure a new client on a system with the Federal Information Processing Standard (FIPS) mode enabled. The installation script automatically detects a system with FIPS enabled and configures IdM without the administrator's intervention.To enable FIPS in the operating system, see Enabling FIPS Mode in the Security Guide.
In environments set up using Red Hat Enterprise Linux 7.3 and earlier:
- IdM does not support the FIPS mode. Disable FIPS on your system before installing an IdM client, and do not enable it after the installation.
For further details about FIPS mode, see Federal Information Processing Standard (FIPS) in the Security Guide.