Enrolling a client system into Identity Management (IdM) can be done with a single command, namely: ipa-client-install. This command will configure SSSD, Kerberos, Certmonger and other elements of the system to work with IdM. The important result is that the system will get an identity and key so that it can securely connect to IdM and perform its operations. However, to get the identity and key, the system should
Continue reading “Understanding Identity Management Client Enrollment Workflows”
In the previous post I talked about Smart Card Support in Red Hat Enterprise Linux. In this article I will drill down into how to select the right deployment architecture depending on your constraints, requirements and availability of the smart card related functionality in different versions of Red Hat Enterprise Linux.
To select the right architecture for a deployment where users would authenticate using smart cards when logging into Linux systems, you need to
Continue reading “Picking your Deployment Architecture”
Recent Red Hat Enterprise Linux releases see an expansion in support of the smart card related use cases. However, customers usually have a mixed environment and standardize on a specific version of Red Hat Enterprise Linux for a period of time. It is important to understand the
Continue reading “Smart Card Support in Red Hat Enterprise Linux”
Increasing Interest in Identity Management
During the last several months I’ve seen a rapid growth of interest in Red Hat’s Identity Management (IdM) solution. This might have been due to different reasons.
Questions related to DNS and service discovery regularly come up during deployments of Identity Management (IdM) in Red Hat Enterprise Linux in a trust configuration with Active Directory. This blog article will shed some light on this aspect of the integration.
We will start with a description of the environment. Let us say that the Active Directory environment consists of
Continue reading “Discovery and Affinity”
As predicted in one of my earlier posts, more and more customers are starting to seriously evaluate and move off of third party Active Directory integration solutions. They want to use or at least consider leveraging identity management technologies available in Red Hat Enterprise Linux.
In calls and face-to-face meetings, as well as during customer presentations at Red Hat Customer Convergence events, Red Hat Summit, Defence in Depth and other conferences, I get a lot of questions about such a migration. As it is becoming a common theme, I decided to consolidate some of the thoughts, ideas, and best practices on the matter in a single blog post.
Continue reading “Migrating from third party Active Directory integration solutions”
In Part 1 of this series, we looked at core improvements for Identity Management (IdM) in Red Hat Enterprise Linux (RHEL) 7.3, as well as manageability and other improvements. In the second half, we’re going to look at interoperability and Active Directory integration.
Continue reading “Identity Management Improvements in Red Hat Enterprise Linux 7.3: Part 2”
Red Hat Enterprise Linux (RHEL) 7.3 has been out for a bit, but have you looked at what we’ve added in the Identity Management area for this release? I’m excited to say, we’ve added quite a bit!
In the past I have been talking about individual features in Identity Management (IdM) and System Security Services Daemon (SSSD) but this is really not how we prioritize our efforts nowadays. We look at customer requests, community efforts, and market trends and then define themes for the release. So what were these themes for RHEL 7.3?
Continue reading “Identity Management Improvements in Red Hat Enterprise Linux 7.3: Part 1”
This post continues my series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement eight (i.e. the requirement to identify and authenticate access to system components). The outline and mapping of individual articles to requirements can be found in the overarching post that started the series.
Requirement eight is directly related to IdM. IdM can be used to address most of the requirements in this section. IdM stores user accounts, provides user account life-cycle management
Continue reading “PCI Series: Requirement 8 – Identify and Authenticate Access to System Components”
This is my sixth post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement seven (i.e. the requirement to restrict access to cardholder data by business need to know). The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.
Section 7 of the PCI DSS standard talks about access control and limiting the privileges of administrative accounts. IdM can play a big role in addressing these requirements. IdM provides several key features that are related to access control and privileged account management. The first one is
Continue reading “PCI Series: Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know”