Welcome to FreeIPA's documentation!
***********************************


What is FreeIPA?
================

FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos, DNS,
Dogtag (Certificate System). It consists of a web interface and
command-line administration tools.

FreeIPA is an integrated Identity and Authentication solution for
Linux/UNIX networked environments. A FreeIPA server provides
centralized authentication, authorization and account information by
storing data about user, groups, hosts and other objects necessary to
manage the security aspects of a network of computers.

FreeIPA is built on top of well known Open Source components and
standard protocols with a very strong focus on ease of management and
automation of installation and configuration tasks.


Contents:
^^^^^^^^^

* FreeIPA design documentation

  * One-way trust with shared secret

  * Support domain controller for Samba file server as domain member
    on IPA client

  * Support Samba file server as a domain member on IPA client

  * Manage FreeIPA as a user from a trusted Active Directory domain

  * Include users and groups from a trusted Active Directory domain
    into SUDO rules

  * ID Range: new option for private groups

  * Integrate SID configuration into base IPA installers

  * Policies by authentication indicators

  * Extdom plugin protocol

  * Expiring Password Notifications

  * LDAP Grace Period

  * PasswordExpired control

  * LDAP PAM Passthrough support

  * Password quality using libpwquality

  * Member Manager for group membership

  * IPA Migration

  * Hidden replicas

  * Disable Stale Users

  * LDAPI autobind authentication for services

  * Central management of subordinate user and group ids

  * FreeIPA and an external identity provider integration

  * IPA and an external identity provider integration - idp objects

  * Random Serial Numbers v3 (RSNv3)

* IPA API

  * ipaserver.plugins

* FreeIPA workshop

  * Introduction

  * Preparation

  * Unit 1: Installing the FreeIPA server

  * Unit 2: Enrolling client machines

  * Unit 3: User management and Kerberos authentication

  * Unit 4: Host-based access control (HBAC)

  * Unit 5: Web application authentication and authorisation

  * Unit 6: Service certificates

  * Unit 7: Replica installation

  * Unit 8: Sudo rule management

  * Unit 9: SELinux User Maps

  * Unit 10: SSH user and host key management

  * Unit 11: Kerberos ticket policy

  * Unit 12: Authentication against external Identity Providers

  * Troubleshooting

  * Building Vagrant box images

  * Notes for workshop facilitators


Indices and tables
******************

* Index

* Module Index

* Search Page
