Red Hat Identity Management portfolio
Red Hat Identity Management in Red Hat Enterprise Linux
Identity Management in Red Hat® Enterprise Linux® is designed and integrated into Red Hat Enterprise Linux to simplify identity management. This feature set is available free with your Red Hat Enterprise Linux subscription. Use it to expand how you use Linux while you reduce costs and administrative load. Increase your compliance levels by implementing identity and access management:
Red Hat Directory Server
Red Hat® Directory Server is an LDAP-compliant server product that centralizes user identity and application information. It provides an operating-system independent, network-based registry that you can use to store:
- Application settings
- User profiles
- Group data
- Policies
- Access-control information
It is flexible and can support custom schema.
Red Hat Certificate System
Red Hat® Certificate System has a powerful security framework to manage user identities and ensure communication privacy. By handling the major functions of the identity life cycle, Red Hat Certificate System makes it easier to do enterprise-wide deployments and adopt a public key infrastructure (PKI).
Useful Links
To get started with Identity Management, check out the installation scenarios below:
Enable the idm:DL1 Identity Management server module stream.
[root@server ~]# yum module enable idm:DL1
Synchronize packages to the Identity Management stream.
[root@server ~]# yum distro-sync
Download the packages necessary for installing an IdM server with an integrated DNS.
[root@server ~]# yum module install idm:DL1/dns
For other installation scenarios, see Installing packages required for an IdM server.
Run the interactive installation utility.
[root@server ~]# ipa-server-install
During the interactive session, answer a series of simple questions to set the following entries:
- Integrated DNS - to configure an integrated DNS service, enter "yes"
- Host name - by default obtained using reverse DNS
- Domain name - by default based on the host name
- Realm name - by default based on the host name
- Password for Directory Manager - an administrator account for Directory Server
- Password for IPA administrator - a superuser for the IdM Server
- Per-server DNS forwarders - for default forwarding policy settings, see the --forward-policy description in the ipa-dns-install(1) man page
- Reverse zones - the script can check DNS reverse (PTR) records and create new reverse zones if needed
Enter yes to confirm the server configuration.
Continue to configure the system with these values? [no]: yes
After the installation, authenticate to the Kerberos realm to ensure that the administrator is properly configured.
[root@server ~]# kinit admin
Download the packages necessary for installing an IdM client.
[root@client ~]# yum module install idm
Run the interactive installation utility on the client machine.
[root@client ~]# ipa-client-install --enable-dns-updates --mkhomedir
The installation script will attempt to obtain all the required settings, such as DNS records, automatically. Enter "yes" to confirm.
Client hostname: client.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: server.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]:yes
Enter the credentials of a user whose identity will be used to enroll this client.
User authorized to enroll computers: admin
Password for admin@EXAMPLE.COM:
To test that the installation was successful, check that the client is able to obtain information about users from the IdM server.
[user@client ~]$ id admin
uid=1254400000(admin) gid=1254400000(admins) groups=1254400000(admins)
To test that authentication works correctly, `su` to root from a non-root user:
[user@client ~]$ su -
Last login: Thu Oct 18 18:39:11 CEST 2018 from 192.168.122.1 on pts/0
[root@client ~]#
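Before answering "yes" at the installer's confirmation prompt, it pays to check that the host name, domain, realm and base DN it shows agree with each other, because the server and client values above (server.example.com, EXAMPLE.COM, dc=example,dc=com) are all derived from one another. The POSIX shell pre-flight script below is an added example, not part of the Red Hat documentation or of the ipa installers; it assumes the default derivations the steps describe (domain and realm from the host name, base DN from the domain) and only prints, rather than runs, an ipa-server-install command line using that tool's --hostname, --domain, --realm, --setup-dns, --forwarder and --auto-reverse options.

```shell
#!/bin/sh
# Pre-flight check for the values ipa-server-install and ipa-client-install
# ask you to confirm (host name, domain, realm, base DN). Added example, not
# Red Hat code; the example.com values are the page's own and are constructed.

# Kerberos realm IdM proposes for a DNS domain: the domain in upper case.
derive_realm() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# LDAP base DN IdM proposes for a DNS domain: example.com -> dc=example,dc=com
derive_basedn() {
    printf '%s\n' "$1" |
        awk -F. '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i; print "" }'
}

# Accept only a lower-case fully qualified name with at least three labels
# (host plus a two-label domain, like server.example.com); reject localhost.
is_fqdn() {
    [ "$1" = "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" ] || return 1
    case "$1" in
        localhost|localhost.*|.*|*.|*..*) return 1 ;;
        *.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check one set of answers for consistency before answering "yes" to the
# installer's confirmation prompt. Returns 0 when all four values agree.
check_values() {
    host=$1 realm=$2 domain=$3 basedn=$4
    is_fqdn "$host" || { echo "bad host name: $host" >&2; return 1; }
    case "$host" in
        *."$domain") ;;
        *) echo "host $host is outside domain $domain" >&2; return 1 ;;
    esac
    [ "$realm" = "$(derive_realm "$domain")" ] ||
        { echo "realm $realm does not match domain $domain" >&2; return 1; }
    [ "$basedn" = "$(derive_basedn "$domain")" ] ||
        { echo "base DN $basedn does not match domain $domain" >&2; return 1; }
}

# Print the server install line for checked values. Passwords are left out
# on purpose: as options they would be visible in `ps` and shell history, so
# let the installer prompt for them (do not add -U/--unattended here).
server_install_cmd() {
    printf 'ipa-server-install --hostname=%s --domain=%s --realm=%s --setup-dns --forwarder=%s --auto-reverse\n' \
        "$1" "$2" "$3" "$4"
}
```

Run `check_values server.example.com EXAMPLE.COM example.com dc=example,dc=com && server_install_cmd server.example.com example.com EXAMPLE.COM 192.0.2.1` to validate the answers and see the resulting command line (192.0.2.1 is a placeholder forwarder).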
Topics
Two-factor Authentication
Advantages of One-time Passwords (OTPs)
OTPs are a type of two-factor authentication (2FA) that create a unique password each time you log in to a system. Even if the password is stolen, the OTP cannot be used to log in again. Red Hat® Identity Management combines OTP with SSO (Single Sign-On), so that you can perform the OTP operation once and then be authenticated for multiple applications.
Trusts Between Active Directory and Red Hat Identity Management
Use Red Hat Identity Management to Centrally Manage Your Joined Systems
Host-Based Access Control (HBAC)
Rules for Host-Based Access Control (HBAC)
Identity Management in Red Hat Enterprise Linux allows you to define HBAC rules to control access to both machines and the services on those machines within the IdM domain. An HBAC rule defines who can access what within the domain. This greatly improves security by providing support for access control granularity in highly complex domain environments.
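To make "who can access what" concrete, here is a small POSIX shell model of how IdM applies HBAC rules: access is granted when at least one enabled rule matches the user, the host and the service, which is also why the default allow_all rule is normally disabled once specific rules exist. This is an added illustration, not Red Hat code; the rule table and rule names (admins_ssh, dba_sudo) are constructed, and in a real deployment rules are listed with `ipa hbacrule-find` and checked with `ipa hbactest`.

```shell
#!/bin/sh
# Toy model of IdM HBAC evaluation: a login is allowed when at least one
# *enabled* rule matches the user, the target host and the PAM service.
# Added example, not Red Hat code; the rule table below is constructed and
# lists direct members only (IdM rules can also name groups and host groups).

# One rule per line: name state users hosts services. Members are
# comma-separated; ALL stands for the "all" category the default allow_all rule uses.
HBAC_RULES='allow_all enabled ALL ALL ALL
admins_ssh enabled admin,alice server.example.com,client.example.com sshd
dba_sudo enabled dba client.example.com sudo'

# True when $1 is in the comma-separated list $2, or the list is ALL.
in_list() {
    [ "$2" = ALL ] && return 0
    case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac
}

# Mark a rule disabled, as `ipa hbacrule-disable <name>` would in IdM.
hbac_disable() {
    HBAC_RULES=$(printf '%s\n' "$HBAC_RULES" |
        awk -v n="$1" '$1 == n { $2 = "disabled" } { print }')
}

# Return 0 and print the first matching rule if user $1 may use service $3
# on host $2; return 1 (a denied login) when no enabled rule matches.
hbac_allowed() {
    printf '%s\n' "$HBAC_RULES" | {
        while read -r name state users hosts svcs; do
            [ "$state" = enabled ] || continue
            in_list "$1" "$users" && in_list "$2" "$hosts" && in_list "$3" "$svcs" &&
                { echo "$name"; exit 0; }
        done
        exit 1
    }
}
```

With allow_all enabled every lookup succeeds; after `hbac_disable allow_all`, only the specific rules grant access, for example `hbac_allowed alice server.example.com sshd` matches admins_ssh while `hbac_allowed alice client.example.com sudo` is denied.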