Red Hat Identity Management and Infrastructure
Red Hat provides a portfolio of standards-based identity management offerings to manage individual identities and their authentication, authorization, and privileges/permissions to increase the security of your system and help to ensure that the right people have access to the right information when they need it.
The Red Hat Identity Management portfolio consists of three distinct solutions that use related technologies but are combined and optimized to solve different use cases. These three solutions, one feature set in Red Hat Enterprise Linux and two Red Hat Enterprise Linux add-on products, are described below:
Identity Management in Red Hat Enterprise Linux is a feature set specifically designed and integrated into Red Hat Enterprise Linux 6.2 and later to simplify identity management. This feature set is available free with your Red Hat Enterprise Linux subscription. It allows you to expand your use of Linux while at the same time reducing costs and administrative load and raising compliance levels by implementing central authentication, identity look-up service, and fine-grained access control.
Red Hat® Directory Server is an LDAP-compliant server product that centralizes user identity and application information. It provides an operating-system independent, network-based registry for storing application settings, user profiles, group data, policies, and access-control information. It is very flexible and can support custom schema.
Red Hat® Certificate System provides a powerful security framework to manage user identities and ensure communication privacy. Handling the major functions of the identity life cycle, Red Hat Certificate System simplifies enterprise-wide deployment and adoption of a public key infrastructure (PKI).
Identity Management in Red Hat Enterprise Linux
Identity Management in Red Hat Enterprise Linux provides a centralized and clear way to manage identities for users, machines, and services within large Linux/Unix enterprise environments. Identity Management also provides a way to define access-control policies to govern those identities. In addition, in mixed Windows/Linux environments, Identity Management in Red Hat Enterprise Linux inter-operates with Microsoft Active Directory for easier identity management administration.
Because Identity Management is integrated with Red Hat Enterprise Linux, it is an easy and cost-effective way to introduce identity and policy management wherever you need it. It is a free feature set included with your Red Hat Enterprise Linux subscription.
- Integrated, native user, host, and service authentication and access control
- Consistent and manageable identity management
- Standards-based, trusted technologies
- Easy and clear ways to implement, maintain, and understand authentication and access-control policies
- Flexible access-control rules based on sudo rules, host-based rules, and other criteria
- Consistent and universal password policies for users
- Integration with established Linux/Unix services like NFS, automount, NIS, NTP, Kerberos, and DNS into a single management domain
- Up to 20 servers and replicas and an unlimited number of clients in a single domain
Red Hat Directory Server
Red Hat Directory Server is an LDAP-compliant server that centralizes application settings, user profiles, group data, policies, and access-control information in a network-based registry. Red Hat Directory Server simplifies user management by eliminating data redundancy and automating data maintenance. It also improves security, enabling administrators to store policies and access-control information in the directory for a single authentication source across enterprise or extranet applications.
- Centralized management of people and their profiles, thus reducing administrative costs
- Central repository for user profiles and preferences, enabling personalization of applications and systems
- Twenty-way, multi-master replication of data across the enterprise, providing a centralized, consistent data source available to enterprise applications
- Single sign-on access
- Scalability for massive numbers of users by containing the information control required for developing extranet applications
Red Hat Certificate System
The Red Hat Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system that supports all aspects of certificate life-cycle management, including key archival, Online Certificate Status Protocol (OCSP), and smart-card management. A certificate has a long life cycle, beginning with the initial request and ending when it's revoked or expired. There are different operations for validating a request, issuing and revoking the certificate, and checking its status; it is also possible to use smart cards or to recover lost keys. Red Hat Certificate System combines these functions to centralize control for your public key infrastructure—validating requests, issuing certificates, storing keys, processing OCSP requests, and managing tokens.
- Certificate issuance, revocation, and retrieval
- Certificate Revocation List (CRL) generation and publishing
- Certificate profiles
- Simple Certificate Enrollment Protocol (SCEP)
- Local Registration Authority (LRA) for organizational authentication and policies
- Encryption key archival and recovery
- Smart-card life cycle management
- Token profiles
- Token enrollment, on-hold, key recovery, and format
- Face-to-face enrollment with the security officer workstation interface
Introduction to LDAP—Part 1
Senior Technical Support Engineer Karan Rai gives an overview of Lightweight Directory Access Protocol (LDAP). Topics covered include how LDAP stores data, examples of LDAP databases, a breakdown of common terms associated with LDAP, and how LDAP Data Interchange Format (LDIF) works.
Configuring OpenLDAP—Part 2
In the second part of his LDAP video series, Senior Technical Support Engineer Karan Rai discusses how to configure an LDAP server using OpenLDAP, as well as use of OpenLDAP tools like ldapadd, ldapdelete, ldapsearch, and ldapmodify.
Using LDAP to Automount Home Directories with Autofs Maps—Part 3
In part three of his LDAP video series, Karan Rai demonstrates how to automount users' home directories using the autofs service. He shows how to modify the auto.master and auto.home files to automount directories for all LDAP users.
Top Solutions for Identity Management
- How do I authenticate RHEL6 to Windows 2008 R2 system using LDAP and kerberos?
- How do I configure RHEL6 machine as an LDAP Client?
- When my first Identity Management server goes down, why can users no longer login although I have an IdM replica in place?
- How to configure DNS SRV records for an IPA / IdM replica?
- IdM/IPA replica install error - Replica has a different generation ID than the local data - scenario with network connections problems
- How to add a service account in IdM/IPA with a password that does not expire?
- IdM/IPA replica install error - Replica has a different generation ID than the local data - scenario with multiple replica install and un-install
Top Solutions for Red Hat Certificate System
- How to customize Red Hat Certificate System root Certificate Authority signing cert validity dates and extensions?
- Support for RFC 4262- X509v3 Certificate Extension for Secure/Multipurpose Internet Mail Extension(S/MIME) Capabilities in Red Hat Certificate Server
- How to Migrate the Openldap Database from RHEL3 to RHEL5 and RHEL6
- How to reset the Red Hat Certificate System admin password
- How to publish or store digital certificates and CRLs in a Directory server?
- Red Hat Certificate System CA subsystem start exception on PassThroughRequestFilter after upgrading from 8.0 to 8.1
- IPA Frequently Asked Questions
Top Solutions for Red Hat Directory Server
- How to authenticate Red Hat Enterprise Linux 5 against Windows 2008 Active Directory using LDAP and Kerberos method
- How to join Red Hat Enterprise Linux 6 to Microsoft Windows Active Directory 2003 domain using Kerberos and samba/winbind method
- Where can I download PassSync.msi for Red Hat Directory Server/ IPA Server?
- What should be the best practice for password policies in RHDS replication scenario?
- How do I use the rfc2307bis schema in Red Hat Directory Server 8.1 or 8.2
- Posix Attributes and LDAP replication, uidNumber, gidNumber, HomeDirectory not synced from Active Directory to Red Hat Directory Server
- Is it possible to set up replication between RHDS8 and RHDS9?