Welcome to FreeIPA’s documentation!
What is FreeIPA?
FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, DNS, and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and other objects necessary to manage the security aspects of a network of computers.
FreeIPA is built on top of well-known Open Source components and standard protocols, with a very strong focus on ease of management and automation of installation and configuration tasks.
- FreeIPA design documentation
- One-way trust with shared secret
- Support domain controller for Samba file server as domain member on IPA client
- Support Samba file server as a domain member on IPA client
- Manage FreeIPA as a user from a trusted Active Directory domain
- Include users and groups from a trusted Active Directory domain into SUDO rules
- ID Range: new option for private groups
- Integrate SID configuration into base IPA installers
- Hardware Security Module (HSM) Support
- Policies by authentication indicators
- Extdom plugin protocol
- Expired Certificate Pruning
- Expiring Password Notifications
- LDAP Grace Period
- PasswordExpired control
- LDAP PAM Passthrough support
- Password quality using libpwquality
- Member Manager for group membership
- IPA Migration
- Hidden replicas
- Disable Stale Users
- LDAPI autobind authentication for services
- Central management of subordinate user and group ids
- FreeIPA and an external identity provider integration
- IPA and an external identity provider integration - idp objects
- Random Serial Numbers v3 (RSNv3)
- IPA client enrollment with PKINIT
- Passkey authentication
- FreeIPA Pull Request CI (PR-CI) checker tool
- Constrained delegation for Kerberos services
- Identity Mapping
- Audit IPA API operations
- FreeIPA workshop
- Introduction
- Preparation
- Unit 1: Installing the FreeIPA server
- Unit 2: Enrolling client machines
- Unit 3: User management and Kerberos authentication
- Unit 4: Host-based access control (HBAC)
- Unit 5: Web application authentication and authorisation
- Unit 6: Service certificates
- Unit 7: Replica installation
- Unit 8: Sudo rule management
- Unit 9: SELinux User Maps
- Unit 10: SSH user and host key management
- Unit 11: Kerberos ticket policy
- Unit 12: Authentication against external Identity Providers
- Troubleshooting
- Building Vagrant box images
- Notes for workshop facilitators
- IPA API Reference