Chapter 3. Installing and Uninstalling Identity Management Clients
3.1. Prerequisites for Installing a Client
- DNS requirements
- Employ proper DNS delegation. For details on DNS requirements in IdM, see Section 2.1.3, “Host Name and DNS Configuration”. Do not alter the resolv.conf file on clients.
- Port requirements
- IdM clients connect to a number of ports on IdM servers to communicate with their services. These ports must be open on the IdM servers in the incoming direction. For more information on which ports IdM requires, see Section 2.1.4, “Port Requirements”. On a client, open these ports in the outgoing direction. If you are using a firewall that does not filter outgoing packets, such as firewalld, the ports are already available in the outgoing direction.
- Federal Information Processing Standard (FIPS) support
- In environments set up using Red Hat Enterprise Linux 7.4 and later:
  - You can configure a new IdM server, replica, or client on a system with the FIPS mode enabled. The installation script automatically detects a system with FIPS enabled and configures IdM without the administrator's intervention. To enable FIPS in the operating system, see Enabling FIPS Mode in the Security Guide.
  - You cannot:
    - Enable FIPS mode on existing IdM servers previously installed with FIPS mode disabled.
    - Install a replica in FIPS mode when using an existing IdM server with FIPS mode disabled.
- In environments set up using Red Hat Enterprise Linux 7.3 and earlier:
  - IdM does not support the FIPS mode. Disable FIPS on your system before installing an IdM server, replica, or client, and do not enable it after the installation.
For further details about FIPS mode, see Federal Information Processing Standard (FIPS) in the Security Guide.
- Name Service Cache Daemon (NSCD) requirements
- Red Hat recommends disabling NSCD on Identity Management machines. Alternatively, if disabling NSCD is not possible, enable NSCD only for maps that SSSD does not cache. Both NSCD and the SSSD service perform caching, and problems can occur when systems use both services simultaneously. See the System-Level Authentication Guide for information on how to avoid conflicts between NSCD and SSSD.
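The FIPS and NSCD prerequisites above can be checked before running the client installer. The following preflight script is an added example, not part of the Red Hat guide: the function names and the `--run` switch are hypothetical, and it assumes the release string is in `/etc/redhat-release`, the kernel FIPS flag is in `/proc/sys/crypto/fips_enabled`, and NSCD state comes from `systemctl is-active nscd`.

```shell
#!/bin/sh
# Added example (not from the guide); function names and --run are hypothetical.

# Print the version number found in a redhat-release style string ($1).
release_version() {
    printf '%s\n' "$1" | sed -n 's/.*release \([0-9][0-9.]*\).*/\1/p'
}

# Succeed when version $1 is 7.4 or later; return 2 when it cannot be parsed.
supports_fips() {
    sf_major=${1%%.*}
    sf_rest=${1#*.}
    if [ "$sf_rest" = "$1" ]; then sf_minor=0; else sf_minor=${sf_rest%%.*}; fi
    case "$sf_major.$sf_minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$sf_major" -gt 7 ] || { [ "$sf_major" -eq 7 ] && [ "$sf_minor" -ge 4 ]; }
}

# Verdict for release string $1 and the kernel's fips_enabled flag $2 (0 or 1).
fips_verdict() {
    fv_ver=$(release_version "$1")
    if [ "$2" != 1 ]; then
        echo "ok: FIPS mode is off"
    elif supports_fips "$fv_ver"; then
        echo "ok: FIPS mode is on and release $fv_ver supports installing with it"
    else
        echo "blocked: FIPS mode is on and release ${fv_ver:-unknown} is not 7.4 or later"
        return 1
    fi
}

# Verdict for the state printed by `systemctl is-active nscd` ($1).
nscd_verdict() {
    case "$1" in
        active|activating)
            echo "warn: nscd is running; disable it or limit it to maps SSSD does not cache"
            return 1 ;;
        *) echo "ok: nscd is not running" ;;
    esac
}

# Read the live system state and report both checks; non-zero if either fails.
preflight() {
    pf_rc=0
    pf_fips=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
    fips_verdict "$(cat /etc/redhat-release 2>/dev/null)" "${pf_fips:-0}" || pf_rc=1
    nscd_verdict "$(systemctl is-active nscd 2>/dev/null)" || pf_rc=1
    return "$pf_rc"
}
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the prospective client; a missing FIPS flag file is treated as FIPS disabled.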