Tutorial: Identity Management with FreeIPA

Fraser Tweedale

https://linux.conf.au/schedule/30130/...

FreeIPA is an integrated identity management solution providing centralised user, host and service management, authentication and authorisation in Linux/UNIX networked environments, with a focus on ease of deployment and management. It is built on top of well-known Open Source technologies and standards including 389 Directory Server, MIT Kerberos and Dogtag Certificate System.

This hands-on workshop will provide participants with a comprehensive introduction to FreeIPA including server deployment and administration, client machine enrolment, and configuring server software to use FreeIPA's centralised identity and policy store.

Participants will:

- Install a FreeIPA server and replica
- Enrol client machines in the domain
- Create and administer users
- Manage host-based access control (HBAC) policies
- Issue X.509 certificates for network services
- Configure a web server to use FreeIPA for user authentication and access control

There will be a number of elective units which participants can choose, based on their progress and particular use cases:

- OTP two-factor authentication
- Advanced certificate management: profiles, sub-CAs and user certificates
- OpenSSH key management
- Federated identity with Ipsilon
- User self-service secret management
- ...and more!

If you are planning to attend the workshop please note that *some preparation is strongly advised*. Preparation steps are outlined at https://github.com/freeipa/freeipa-wo.... In brief, it amounts to "install Vagrant and VirtualBox, and download the VM image" so that you are ready to ``vagrant up`` at the start of the workshop. The ``libvirt`` provider is also supported.