Table of Contents

Configuring and managing Identity Management
Providing feedback on Red Hat documentation
1. Logging in to Identity Management from the command line
    1.1. Using kinit to log in to IdM manually
    1.2. Destroying a user's active Kerberos ticket
    1.3. Configuring an external system for Kerberos authentication
2. Viewing, starting and stopping the Identity Management services
    2.1. Viewing the status of IdM services
    2.2. Starting and stopping the entire Identity Management server: the ipactl utility
    2.3. Starting and stopping an individual Identity Management service: the systemctl utility
3. Introduction to the IdM command-line utilities
    3.1. What is the IPA command line interface
    3.2. What is the IPA help
    3.3. Using IPA help topics
    3.4. Using IPA help commands
    3.5. Structure of IPA commands
    3.6. Using an IPA command to add a user account to IdM
    3.7. Using an IPA command to modify a user account in IdM
    3.8. How to supply a list of values to the IdM utilities
    3.9. How to use special characters with the IdM utilities
4. Searching Identity Management entries from the command line
    4.1. Overview of listing IdM entries
    4.2. Showing details for a particular entry
    4.3. Adjusting the search size and time limit
        4.3.1. Adjusting the search size and time limit in the command line
        4.3.2. Adjusting the search size and time limit in the Web UI
5. Accessing the IdM Web UI in a web browser
    5.1. What is the IdM Web UI
    5.2. Web browsers supported for accessing the Web UI
    5.3. Accessing the Web UI
6. Logging in to IdM in the Web UI: Using a Kerberos ticket
    6.1. Prerequisites
    6.2. Kerberos authentication in Identity Management
    6.3. Using kinit to log in to IdM manually
    6.4. Configuring the browser for Kerberos authentication
    6.5. Logging in to the web UI using a Kerberos ticket
    6.6. Configuring an external system for Kerberos authentication
    6.7. Web UI login for Active Directory users
7. Logging in to the Identity Management Web UI using one time passwords
    7.1. Prerequisites
    7.2. One time password (OTP) authentication in Identity Management
    7.3. Enabling the one time password in the Web UI
    7.4. Adding OTP tokens in the Web UI
    7.5. Logging into the Web UI with a one time password
    7.6. Synchronizing OTP tokens using the Web UI
    7.7. Changing expired passwords
8. Public key certificates in Identity Management
    8.1. Certificate authorities in IdM
    8.2. Comparison of certificates and Kerberos
    8.3. The pros and cons of using certificates to authenticate users in IdM
9. Converting certificate formats to work with IdM
    9.1. Certificate formats and encodings in IdM
    9.2. Converting an external certificate to load into an IdM user account
        9.2.1. Converting an external certificate in the IdM CLI and loading it into an IdM user account
        9.2.2. Converting an external certificate in the IdM web UI for loading into an IdM user account:
    9.3. Preparing to load a certificate into the browser
        9.3.1. Exporting a certificate and private key from an NSS database into a PKCS #12 file
        9.3.2. Combining certificate and private key PEM files into a PKCS #12 file
    9.4. Certificate-related commands and formats in IdM
10. Configuring Identity Management for smart card authentication
    10.1. Configuring the IdM server for smart card authentication
    10.2. Configuring the IdM client for smart card authentication
    10.3. Adding a certificate to a user entry in IdM
        10.3.1. Adding a certificate to a user entry in the IdM Web UI
        10.3.2. Adding a certificate to a user entry in the IdM CLI
    10.4. Configuring the browser for smart card authentication
    10.5. Logging in to IdM with smart cards
11. Configuring authentication with a certificate stored on the desktop of an IdM client
    11.1. Configuring the Identity Management Server for Certificate Authentication in the Web UI
    11.2. Requesting a new user certificate and exporting it to the client
    11.3. Making sure the certificate and user are linked together
    11.4. Configuring a browser to enable certificate authentication
    11.5. Authenticating to the Identity Management Web UI with a Certificate as an Identity Management User
    11.6. Configuring an IdM client to enable authenticating to the CLI using a certificate
12. Configuring certificate mapping rules in Identity Management
    12.1. Certificate mapping rules for configuring authentication on smart cards
        12.1.1. Certificate mapping rules for trusts with Active Directory domains
        12.1.2. Components of an identity mapping rule in IdM
        12.1.3. Obtaining the issuer from a certificate for use in a matching rule
    12.2. Configuring certificate mapping for users stored in IdM
        12.2.1. Adding a certificate mapping rule in IdM
        12.2.2. Adding certificate mapping data to a user entry in IdM
    12.3. Configuring certificate mapping for users whose AD user entry contains the whole certificate
        12.3.1. Adding a certificate mapping rule for users whose AD entry contains whole certificates
    12.4. Configuring certificate mapping if AD is configured to map user certificates to user accounts
        12.4.1. Adding a certificate mapping rule if the trusted AD domain is configured to map user certificates
        12.4.2. Checking certificate mapping data on the AD side
    12.5. Configuring certificate mapping if AD user entry contains no certificate or mapping data
        12.5.1. Adding a certificate mapping rule if the AD user entry contains no certificate or mapping data
        12.5.2. Adding a certificate to an AD user's ID override if the user entry in AD contains no certificate or mapping data
    12.6. Combining several identity mapping rules into one
13. Using IdM CA renewal master
    13.1. IdM CA renewal master overview
    13.2. Changing and resetting IdM CA renewal master
    13.3. Switching from an externally to self-signed CA in IdM
    13.4. Renewing the IdM CA renewal master with an externally-signed certificate
14. Enabling AD users to administer IdM
    14.1. ID overrides for AD users
    14.2. Using ID overrides to enable AD users to administer IdM
    14.3. Managing IdM Command-Line Interface (CLI) as an AD user
Legal Notice

Configuring and managing Identity Management

Red Hat Enterprise Linux 8

Configuring, managing and maintaining Identity Management in Red Hat Enterprise Linux 8

Red Hat Customer Content Services

Abstract

This documentation collection provides instructions on how to effectively configure, manage and maintain Identity Management on Red Hat Enterprise Linux 8.

Providing feedback on Red Hat documentation

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.