FreeIPA

Roadmap

Release 1

Date: April 2008 (estimated)

Overview: User identity management and centralized authentication for the Unix/Linux world

Requirements Doc

Components: The release will include:

  • Linux Distribution (Fedora / Red Hat Enterprise Linux / CentOS)
  • Fedora Directory Server
  • MIT Kerberos
  • NTP
  • Tools for installation
  • Administrative tools (web and command-line)

Main use cases to be solved

  • Authenticate user to Linux/Unix using Kerberos/LDAP instead of NIS.
  • Set up Directory/Kerberos environment easily
  • Manage Linux/Unix user identity centrally and more easily (GUI)
  • Enable basic synch with AD and roadmap to a more robust synch

Compelling reason to use

  • Compliance is forcing organizations off of NIS
  • Efficiency is forcing organizations to a better identity management solution
  • Too expensive to maintain an LDAP/Kerberos implementation themselves

Release 2

Target Date: April/May 2009

Requirements Doc

Overview: Machine and Service Identity. Policy. Audit. Pluggable.

Main use cases to be solved

  • Machine authentication and identity
    • Identify and group machines (and virtual instances)
    • Allow new machines to join IPA and gain an identity
    • Easily provide each machine with a Kerberos principal and certificate
    • Use above to authenticate machines and provide trust
  • Service authentication and identity
    • Identify and group applications for the purpose of applying policy to them
    • Provide service-specific Kerberos keytabs and certificates
    • Manage the certificates, including automatic renewal
  • Create an IPA plugin architecture and framework
  • Create an IPA client that manages authentication, cache, and connection state to IPA, and that will be used to manage authorization
  • Policy and Access Control
    • Set and enforce policy of which users can access which apps on which machines.
    • Enable centrally managed PAM login, SELinux, sudoers
  • Audit
    • Centrally collect and audit (i) security events, (ii) all logs, (iii) every keystroke by a selected group of users and/or machines

Compelling reason to use

  • Compliance and efficiency push for a better access control solution for the Linux/Unix world
  • Compliance and efficiency motivate central management of administrator delegation and sudo configuration
  • Security and compliance push to centrally understand/analyze audit events