FreeIPA
banners
Contribute to FreeIPA!

From Free IPA

[edit]

Roadmap

[edit]

Contents

[edit]

Release 2

Target Date: Targeting April/May 2010

Overview: Machine and Service Identity. Pluggable management, HBAC.

Requirements Doc

Components: The release will include:

  • Linux Distribution (Fedora / Red Hat Enterprise Linux / CentOS)
  • 389 Directory Server
  • MIT Kerberos
  • NTP
  • Tools for installation
  • Pluggable and extensible UI/CLI tools
  • CA & RA (Dogtag Certificate Server)
  • DNS (Bind)

Main Use Cases for IPAv2

  • User Identity Management (based on functionality implemented in v1)
  • Machine identity
    • Enrollment of the new machines
      • As a result of the enrollment machine principal must be created and machine credentials provisioned to the machine
      • Machine credentials can be keytab and/or machine certificate.
    • Machine authentication
      • Machines coming on the network and requesting services within the IPA realm shall be authenticated against that realm
      • Machine authentication credentials shall be used to provide mutual authentication/trust, encryption, and SSO capabilities for the services and applications requesting resources and accessing other services within the same IPA realm
  • Machine Management
    • Allow management of individual machines, groups of machines and virtual instances
    • Allow centralized management of different kinds of machine policies
  • Access Control
    • Enable central management of pam login access controls (HBAC - host based access control)

Compelling Reason to Use

  • Compliance and efficiency are forcing organizations to move off NIS and pushing them to use a better identity management and access control solution for the Linux/Unix world
  • Efficiency is forcing organizations to use a better identity management solution
  • Too expensive to maintain own custom LDAP/Kerberos implementation
  • Have been using services that "assume a security mechanism" and wish to secure connections with kerberos or PKI
  • Compliance and efficiency motivate to centrally manage administrator delegation
[edit]

Release 1

Date: April 2008

Overview: User identity management and centralized authentication for Unix/Linux world

Requirements Doc

Components:

  • Linux Distribution (Fedora / Red Hat Enterprise Linux / CentOS)
  • 389 Directory Server
  • MIT Kerberos
  • NTP
  • Tools for installation
  • Administrative tools (web and command-line)

Main use cases to be solved

  • Authenticate user to Linux/Unix using Kerberos/LDAP instead of NIS.
  • Set up Directory/Kerberos enviroment easily
  • Manage Linux/Unix user identity centrally and more easily (GUI)
  • Enable basic synch with AD and roadmap to a more robust synch

Compelling reason to use

  • Compliance is forcing organizations off of NIS
  • Efficiency is forcing organizations to a better identity management solution
  • Too expensive to maintain an LDAP/Kerberos implementation themselves
Retrieved from "http://www.freeipa.org/page/Roadmap"
Views Article Discussion Edit History
Personal tools:  Log in / create account
Toolbox What links here Related changes Upload file Special pages Printable version