Red Hat Identity Management
Identity Management in Red Hat® Enterprise Linux® is designed and integrated into Red Hat Enterprise Linux for versions 6.2 and later, to simplify identity management. This feature set is available free with your Red Hat Enterprise Linux subscription. Use it to expand how you use Linux while you reduce costs and administrative load, and increase your compliance levels by implementing identity and access management.
Red Hat Directory Server
Red Hat® Directory Server is an LDAP-compliant server product that centralizes user identity and application information. It provides an operating-system-independent, network-based registry that you can use to store:
- Application settings
- User profiles
- Group data
- Policies
- Access-control information
It is flexible and can support custom schema.
Red Hat Certificate System
Red Hat® Certificate System has a powerful security framework to manage user identities and ensure communication privacy. By handling the major functions of the identity life cycle, Red Hat Certificate System makes it easier to do enterprise-wide deployments and adopt a public key infrastructure (PKI).
Useful Links
To get started with Identity Management, check out the installation scenarios below:
Server installation

- Install the Identity Management server package.
  [root@server ~]# yum install ipa-server
- Configure a host name for your system.
  [root@server ~]# hostnamectl set-hostname server.example.com
- Run the installation script for the Identity Management server.
  [root@server ~]# ipa-server-install
- During the interactive session, answer a series of simple questions to set the following entries:
  - Integrated DNS - if your DNS zone and SRV records are already set up properly on your system, you can keep the default answer "no".
  - Host name - by default obtained using reverse DNS
  - Domain name - by default based on the host name
  - Realm name - by default based on the host name
  - Password for Directory Manager - the administrator account for Directory Server
  - Password for IPA administrator - the superuser for the IdM server
- After the installation, authenticate to the Kerberos realm to ensure that the administrator account is properly configured.
  [root@server ~]# kinit admin

A typical installation of your Identity Management (IdM) server takes approximately 10 minutes.

Client installation

- Run the installation script on the client machine with the following parameters to enroll the host in the IdM realm.
  [root@client ~]# ipa-client-install --server server.example.com --domain example.com
  Note that if your DNS zone and SRV records are set up properly, the auto-discovery feature enrolls the host without the server and domain being specified on the command line, and the clients fail over automatically if the original IPA server becomes unavailable.
- After the installation, authenticate to the Kerberos realm to ensure that the administrator account is properly configured.
  [root@client ~]# kinit admin
- You can also print basic account information to verify that the SSSD service is running as expected:
  [root@client ~]# id admin

A typical installation of an IdM client takes approximately 1 minute.
Topics
Two-factor Authentication
Advantages of One-time Passwords (OTPs)
OTPs are a type of two-factor authentication (2FA) that generate a unique password for each login to a system. Even if that password is stolen, the OTP cannot be reused to log in again. Red Hat® Identity Management combines OTP with SSO (Single Sign-On), so that you perform the OTP operation once and are then authenticated for multiple applications.
Trusts Between Active Directory and Red Hat Identity Management
Use Red Hat Identity Management to Centrally Manage Your Joined Systems
Host-Based Access Control (HBAC)
Rules for Host-Based Access Control (HBAC)
Identity Management in Red Hat Enterprise Linux allows you to define HBAC rules that control access both to machines and to the services on those machines within the IdM domain. An HBAC rule defines who can access what within the domain. This greatly improves security by providing fine-grained access control in highly complex domain environments.
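To make "who can access what" concrete, the following is an added example (not Red Hat's or FreeIPA's code) that models how an HBAC rule is evaluated: a request for user, host and service is allowed only if some enabled rule matches on all three, and the shipped allow_all rule must be disabled before a narrower rule has any restricting effect. The user names, groups, host groups and hosts are constructed sample data; the ipa commands in the comments are the real CLI equivalents.

```python
from dataclasses import dataclass, field, replace

ALL = "all"  # equivalent of --usercat=all / --hostcat=all / --servicecat=all


@dataclass
class HBACRule:
    name: str
    enabled: bool = True
    users: set = field(default_factory=set)     # users or user groups, or {ALL}
    hosts: set = field(default_factory=set)     # hosts or host groups, or {ALL}
    services: set = field(default_factory=set)  # HBAC services, or {ALL}


def _matches(members: set, name: str, groups: set) -> bool:
    """One dimension matches if the rule covers everything, names the entity
    directly, or names one of the groups the entity belongs to."""
    return ALL in members or name in members or bool(members & groups)


def hbac_allowed(rules, user, user_groups, host, host_groups, service) -> list:
    """Names of enabled rules that allow this access. An empty list means the
    access is denied, which is what SSSD enforces on the enrolled host."""
    return [r.name for r in rules if r.enabled
            and _matches(r.users, user, user_groups)
            and _matches(r.hosts, host, host_groups)
            and _matches(r.services, service, set())]


# Constructed sample directory: group membership as IdM resolves it before
# rules are evaluated.
USER_GROUPS = {"alice": {"sysadmins"}, "bob": {"developers"}}
HOST_GROUPS = {"web1.example.com": {"webservers"}, "db1.example.com": {"dbservers"}}

# Equivalent of:  ipa hbacrule-add sysadmins_ssh_web
#                 ipa hbacrule-add-user sysadmins_ssh_web --groups=sysadmins
#                 ipa hbacrule-add-host sysadmins_ssh_web --hostgroups=webservers
#                 ipa hbacrule-add-service sysadmins_ssh_web --hbacsvcs=sshd
ADMIN_SSH = HBACRule("sysadmins_ssh_web", users={"sysadmins"},
                     hosts={"webservers"}, services={"sshd"})
# The rule a fresh IdM server ships with: everyone, every host, every service.
ALLOW_ALL = HBACRule("allow_all", users={ALL}, hosts={ALL}, services={ALL})


def check(rules, user, host, service) -> list:
    """Local stand-in for: ipa hbactest --user=... --host=... --service=..."""
    return hbac_allowed(rules, user, USER_GROUPS.get(user, set()),
                        host, HOST_GROUPS.get(host, set()), service)


if __name__ == "__main__":
    print(check([ALLOW_ALL, ADMIN_SSH], "bob", "web1.example.com", "sshd"))
    locked = replace(ALLOW_ALL, enabled=False)  # ipa hbacrule-disable allow_all
    print(check([locked, ADMIN_SSH], "alice", "web1.example.com", "sshd"))
    print(check([locked, ADMIN_SSH], "bob", "web1.example.com", "sshd"))
```

With allow_all still enabled, bob is allowed onto the web server by that rule alone; once it is disabled, only alice (via the sysadmins group) reaches sshd on hosts in the webservers host group.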