Red Hat identity management portfolio
Red Hat Identity Management in Red Hat Enterprise Linux
Identity Management in Red Hat® Enterprise Linux® is designed and integrated into Red Hat Enterprise Linux to simplify identity management. This feature set is available free with your Red Hat Enterprise Linux subscription. Use it to expand how you use Linux while you reduce costs and administrative load. Increase your compliance levels by implementing identity and access management:
Red Hat Directory Server
Red Hat® Directory Server is an LDAP-compliant server product that centralizes user identity and application information. It provides an operating-system independent, network-based registry that you can use to store:
- Application settings
- User profiles
- Group data
- Access-control information
It is flexible and can support custom schema.
Red Hat Certificate System
Red Hat® Certificate System has a powerful security framework to manage user identities and ensure communication privacy. By handling the major functions of the identity life cycle, Red Hat Certificate System makes it easier to do enterprise-wide deployments and adopt a public key infrastructure (PKI).
Enable the idm:DL1 Identity Management server module stream.
[root@server ~]# yum module enable idm:DL1
Synchronize packages to the Identity Management stream.
[root@server ~]# yum distro-sync
Download the packages necessary for installing an IdM server with an integrated DNS.
[root@server ~]# yum module install idm:DL1/dns
For other installation scenarios, see Installing packages required for an IdM server.
Run the interactive installation utility.
[root@server ~]# ipa-server-install
During the interactive session, answer a series of simple questions to set the following entries:
- Integrated DNS - to configure an integrated DNS service, enter "yes"
- Host name - by default obtained using reverse DNS
- Domain name - by default based on the host name
- Realm name - by default based on the host name
- Password for Directory Manager - an administrator account for Directory Server
- Password for IPA administrator - a superuser for the IdM Server
- Per-server DNS forwarders - for default forwarding policy settings, see the --forward-policy description in the ipa-dns-install(1) man page
- Reverse zones - the script can check DNS reverse (PTR) records and create new reverse zones if needed
Enter yes to confirm the server configuration.
Continue to configure the system with these values? [no]: yes
After the installation, authenticate to the Kerberos realm to ensure that the administrator is properly configured.
[root@server ~]# kinit admin
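The installer derives the domain and realm defaults from the host name, so it is worth checking that name before running ipa-server-install. The following pre-flight check is an added example, not part of the Red Hat procedure; the function names are hypothetical, and it assumes the defaults follow the page's own sample values (domain example.com, realm EXAMPLE.COM for server.example.com).

```bash
# Added example: pre-flight check of the host name an IdM server is installed under.
# Function names are hypothetical; they are not part of any IdM tool.

# Return 0 if $1 is usable as an IdM host name: fully qualified, lower case,
# built only from letters, digits, hyphens and dots, and not a localhost name.
idm_check_fqdn() {
    local fqdn="$1"
    case "$fqdn" in
        localhost|localhost.*)
            echo "refusing localhost name: $fqdn" >&2
            return 1 ;;
    esac
    if ! printf '%s\n' "$fqdn" | grep -Eq \
        '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'; then
        echo "not a lower-case fully qualified DNS name: $fqdn" >&2
        return 1
    fi
}

# Assumed default domain: the host name minus its first label.
idm_default_domain() {
    printf '%s\n' "${1#*.}"
}

# Assumed default realm: the domain in upper case.
idm_default_realm() {
    idm_default_domain "$1" | tr '[:lower:]' '[:upper:]'
}

# Print the values the interactive session is expected to propose, or fail
# early. With no argument, the current host's name (hostname -f) is checked.
idm_preflight() {
    local fqdn="${1:-$(hostname -f)}"
    idm_check_fqdn "$fqdn" || return 1
    echo "Host name:   $fqdn"
    echo "Domain name: $(idm_default_domain "$fqdn")"
    echo "Realm name:  $(idm_default_realm "$fqdn")"
}

# Usage: idm_preflight            (checks this host)
#        idm_preflight server.example.com
```

Compare the printed values with what ipa-server-install proposes; a mismatch usually means the host name or reverse DNS is not set as intended.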
Download the packages necessary for installing an IdM client.
[root@client ~]# yum module install idm
Run the interactive installation utility on the client machine.
[root@client ~]# ipa-client-install --enable-dns-updates --mkhomedir
The installation script will attempt to obtain all the required settings, such as DNS records, automatically. Enter "yes" to confirm.
Client hostname: client.example.com
DNS Domain: example.com
IPA Server: server.example.com
Continue to configure the system with these values? [no]:
Enter the credentials of a user whose identity will be used to enroll this client.
User authorized to enroll computers: admin
Password for admin@EXAMPLE.COM:
To test that the installation was successful, check that the client is able to obtain information about users from the IdM server.
[user@client ~]$ id admin
uid=1254400000(admin) gid=1254400000(admins) groups=1254400000(admins)
To test that authentication works correctly, `su` to root from a non-root user:
[user@client ~]$ su -
Last login: Thu Oct 18 18:39:11 CEST 2018 from 192.168.122.1 on pts/0