DNS Managers in FreeIPA

Posted on by
3

The Domain Name System (DNS) is an essential part of systems management. If you need to manage multiple physical hosts you’d really benefit by a degree of control of some subset of DNS. With Virtual machines, the sheer number of hosts created demand a responsive DNS. Kerberos, X509 and other security mechanisms require a proper DNS configuration. Yet, for many organizations, DNS is locked down by IT to a very static set of records. Earlier articles discussed User Groups, Host Groups, and Netgroups. The final installment in this series discsusses how to delegate DNS Zone management in FreeIPA.

Continue reading

Netgroup Managers in FreeIPA

Posted on by
Reply

The last two articles described how to delegate management of user groups and host groups. The other way to manage both hosts and users in FreeIPA is with Netgroups. Although Netgroups are a concept from NIS, FreeIPA takes them to the next level, and makes them into containers capable of managing both users and groups. This article shows how to delegate the control of a netgroup to a specified user.

Continue reading

Hostgroup Managers in FreeIPA

Posted on by
2

Last article I discussed delegating the authority to manage group membership using FreeIPA. A related topic delegating the ability to manage groups of hosts. There are two different collections for managing hosts: host groups, and netgroups. The approach to delegating authority for managing each of these is similar, but with important differences. First up: hostgroups.

To create a hostgroup for Beowulf hosts:

Continue reading

A second Kerberos Realm

Posted on by
2

With the release of KRB5 1.10 A Kerberos workstation can finally have two different TGTs from two different KDCs active at the same time. Until this technology makes it into the major distributions, we are stuck with the limitation of the browser only knowing about one TGT/KDC/Realm at a time.  If you find yourself needing to talk to a second KDC without disrupting your primary,  here are the steps you can take.

Continue reading

Cloud Narrative

Posted on by
2

Identity Management (IdM) needs change as an organization grows in size. For an example, I’ll describe a fictional company, and take it from the smallest to largest stages. While, to some degree, the industry of this firm really doesn’t matter, I am going to use a small import business started by a single individual and scale it up to a multinational corporation. As the organization grows in size, the technical needs will drive the scope and scale of the identity management solutions required.
(This is my writing Cross posted from the FreeIPA wiki)

Continue reading

Please don’t title your post “Conference Update”

Posted on by
Reply

Everyone at FUDcon posts a FUDcon update. Everyone at OLS posts and OLS update. They come in massive blocks, and I personally can’t process them all. Adam doesn’t scale. Instead, please post a shorter post with the crucial piece or pieces that you’ve learned, and title it that way. You can mention that you learned it at Fudcon, but please provide a better orienting title to you post. I do really want to read them. Since I can’t make it to all the conferences, I count on you, the community, to provide a filter.

Cloud Identity Management

Posted on by
Reply

Openstack Keystone is the Identity Management (IdM) gateway for the rest of the Openstack infrastructure.  While it is fairly new code, and not feature complete as of yet,  it does show some interesting aspects of cloud identity management and the issues it involves.  That, of course, begets the question of what is required in a cloud Identity Management gateway.

Continue reading

Angelo

Posted on by
5

I was working at a local coffee shop when I noticed an old man walk in.  His hat had a Yin Yang on it.  It struck a memory and I Googled for a list of US Army division patches.  Easy access to modern technology told me more than I expected.  The 29th Infantry Division, the Blue and the Gray, landed at Bloody Omaha on June 6th, 1944.

Continue reading