 |
| Developer(s) | Red Hat |
|---|---|
| Stable release | |
| Repository | |
| Written in | C [2] and Python [3] |
| Operating system | Linux / Unix |
| Type | Identity management |
| License | GNU General Public License |
| Website | www |
FreeIPA is a free and open source identity management system. FreeIPA is the upstream open-source project for Red Hat Identity Management. [4]
FreeIPA aims to provide a centrally-managed Identity, Policy, and Audit (IPA) system. [5] It uses a combination of Fedora Linux, 389 Directory Server, MIT Kerberos, NTP, DNS, the Dogtag certificate system, SSSD and other free/open-source components. FreeIPA includes extensible management interfaces (CLI, Web UI, XMLRPC and JSONRPC API) and Python SDK for the integrated CA, and BIND with a custom plugin for the integrated DNS server. Each of the major components of FreeIPA operates as a preexisting free/open-source project. The bundling of these components into a single manageable suite with a comprehensive management interface is GPLv3, but that does not change the licenses of the components. [6]
Since version 3.0.0, FreeIPA uses Samba to integrate with Microsoft's Active Directory by way of Cross Forest Trusts. FreeIPA provides support for Linux, Unix-based, Windows and Mac OS X computers. [7] [8]
| Component | Details |
|---|---|
| Fedora Linux | Linux Operating System |
| 389 Directory Server | LDAP implementation |
| MIT's Kerberos 5 | authentication and single sign-on |
| ntpd | network time protocol |
| Apache HTTP Server | Web UI and management framework |
| Python | management framework |
| DogTag | PKI certificate authority |
| Plugin | Description |
|---|---|
| Fleet Commander | Desktop configuration tool that works alongside Cockpit and SSSD to store customized profile templates into FreeIPA's LDAP database. Broadly comparable to Windows GPOs. |
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Directory. However, it ultimately became an umbrella title for various directory-based identity-related services.
Red Hat, Inc. is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with other offices worldwide.
The Yellowdog Updater Modified (YUM) is a free and open-source command-line package-management utility for computers running the Linux operating system using the RPM Package Manager. Though YUM has a command-line interface, several other tools provide graphical user interfaces to YUM functionality.
In computing, a directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.
The 389 Directory Server is a Lightweight Directory Access Protocol (LDAP) server developed by Red Hat as part of the community-supported Fedora Project. The name "389" derives from the port number used by LDAP.
In computing, a solution stack or software stack is a set of software subsystems or components needed to create a complete platform such that no additional software is needed to support applications. Applications are said to "run on" or "run on top of" the resulting platform.
A LAMP is one of the most common software stacks for the web's most popular applications. Its generic software stack model has largely interchangeable components.
PulseAudio is a network-capable sound server program distributed via the freedesktop.org project. It runs mainly on Linux, including Windows Subsystem for Linux on Microsoft Windows and Termux on Android; various BSD distributions such as FreeBSD, OpenBSD, and macOS; as well as Illumos distributions and the Solaris operating system. It serves as a middleware in between applications and hardware and handles raw PCM audio streams.
Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution (distro), which includes the kernel and supporting system software and libraries—most of which are provided by third parties—to create a complete operating system, designed as a clone of Unix and released under the copyleft GPL license.
This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.
Fedora Linux is a Linux distribution developed by the Fedora Project. It was originally developed in 2003 as a continuation of the Red Hat Linux project. It contains software distributed under various free and open-source licenses and aims to be on the leading edge of open-source technologies. It is now the upstream source for CentOS Stream and Red Hat Enterprise Linux.
Spacewalk is open-source systems management software for system provisioning, patching and configuration licensed under the GNU GPLv2.
Univention Corporate Server (UCS) is a server operating system derived from Debian with an integrated management system for the central and cross-platform administration of servers, services, clients, desktops and users as well as virtualized computers operated in UCS. In addition to the operation of local, virtual instances, UCS can also be operated in cloud environments. Via the integration of the open source software Samba 4, Univention also supports the functions provided in many companies by Microsoft Active Directory for the administration of computers operated with Microsoft Windows. UCS-based components and UCS-certified, third-party products can be installed via the Univention App Center. UCS provides all App Center applications with a runtime environment and services for the operation including a central, consistent management of the apps. Docker containers can also be run on UCS systems and several of the apps available in the App Center are Docker-based.
OpenLMI provides a common management infrastructure for Linux systems. Available operations include configuration of various operating system parameters and services, hardware components configuration, and monitoring of system resources. Services provided by OpenLMI can be accessed both locally and remotely, using multiple programming languages and standardized APIs.
DNF or Dandified YUM is the next-generation version of the Yellowdog Updater Modified (yum), a package manager for .rpm-based Linux distributions. DNF was introduced in Fedora 18 in 2013; it has been the default package manager since Fedora 22 in 2015, Red Hat Enterprise Linux 8, and OpenMandriva, and is also an alternative package manager for Mageia.
Endian Firewall is an open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance.
The System Security Services Daemon (SSSD) is software originally developed for the Linux operating system (OS) that provides a set of daemons to manage access to remote directory services and authentication mechanisms. The beginnings of SSSD lie in the open-source software project FreeIPA. The purpose of SSSD is to simplify system administration of authenticated and authorised user access involving multiple distinct hosts. It is intended to provide single sign-on capabilities to networks based on Unix-like OSs that are similar in effect to the capabilities provided by Microsoft Active Directory Domain Services to Microsoft Windows networks.
A domain controller (DC) is a server that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain. It is most commonly implemented in Microsoft Windows environments, where it is the centerpiece of the Windows Active Directory service. However, non-Windows domain controllers can be established via identity management software such as Samba and Red Hat FreeIPA.
{{cite web}}: Missing or empty |title= (help)The "IPA" part of FreeIPA stands for identity (identifying and authenticating users and machines), policy (settings for access control of applications and machines), and audit (methods for collecting and auditing security events, logs, and user activities).