Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf
Red Hat Enterprise Linux 6.2
Identity Management Guide
Managing Identity and Authorization Policies for Linux-Based Infrastructures
Ella Deon Lackey
Identity Management Guide
Red Hat Enterprise Linux 6.2 Identity Management Guide
Managing Identity and Authorization Policies for Linux-Based Infrastructures
Edition 2.1.4
Author
Ella Deon Lackey
Copyright © 2011 Red Hat.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available
at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this
document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity
Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
Java ® is a registered trademark of Oracle and/or its affiliates.
XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other
countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
Identity and policy management — for both users and machines — is a core function for almost any
enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll
to a domain and immediately access identity information required for single sign-on and authentication
services, as well as policy settings that govern authorization and access. This manual covers all
aspects of installing, configuring, and managing IPA domains, including both servers and clients. This
guide is intended for IT and systems administrators.
1. Audience and Purpose .................................................................................................. xiii
2. Examples and Formatting .............................................................................................. xiii
2.1. Brackets ............................................................................................................ xiii
2.2. Client Tool Information ........................................................................................ xiii
2.3. Text Formatting and Styles ................................................................................. xiv
3. Giving Feedback ........................................................................................................... xiv
4. Document Change History ............................................................................................. xv
1. Known Issues .............................................................................................................. xvii
1.1. IPA v. LDAP: A More Focused Type of Service .............................................................. 1
1.1.1. A Working Definition for Identity Management ..................................................... 1
1.2. Bringing Linux Services Together .................................................................................. 3
1.2.1. Authentication: Kerberos KDC ............................................................................ 4
1.2.2. Data Storage: 389 Directory Server .................................................................... 5
1.2.3. Authentication: Dogtag Certificate System ........................................................... 5
1.2.4. Server/Client Discovery: DNS ............................................................................. 5
1.2.5. Management: NTP ............................................................................................ 5
1.3. Relationships Between Servers and Clients ................................................................... 6
1.3.1. About IPA Servers and Replicas ......................................................................... 6
1.3.2. About IPA Clients .............................................................................................. 7
2.1. Supported Server Platforms ........................................................................................ 11
2.2. Preparing to Install the IPA Server .............................................................................. 11
2.2.1. Hardware Requirements ................................................................................... 11
2.2.2. Software Requirements .................................................................................... 12
2.2.3. Supported Web Browsers ................................................................................. 12
2.2.4. System Prerequisites ....................................................................................... 12
2.2.4.1. Hostname Requirements ....................................................................... 12
2.2.4.2. Directory Server .................................................................................... 12
2.2.4.3. System Files ....................................................................................... 13
2.2.4.4. System Ports ........................................................................................ 13
2.2.4.5. NTP ..................................................................................................... 13
2.2.4.6. DNS ..................................................................................................... 13
2.2.4.7. Networking ........................................................................................... 15
2.3. Installing the IPA Server Packages .............................................................................. 16
2.4. Creating an IPA Server Instance ................................................................................. 16
2.4.1. About ipa-server-install ..................................................................................... 17
2.4.3. Examples of Creating the IPA Server ................................................................ 20
2.4.3.1. Non-Interactive Basic Installation ........................................................... 21
2.4.3.2. Using Different CA Configurations .......................................................... 21
2.4.3.3. Using DNS ........................................................................................... 23
2.4.4. Troubleshooting Installation Problems ............................................................... 24
2.5. Setting up IPA Replicas .............................................................................................. 25
2.5.1. Prepping and Installing the Replica Server ........................................................ 25
2.5.2. Creating the Replica ........................................................................................ 26
2.5.3. Troubleshooting Replica Installation .................................................................. 28
2.6. Uninstalling IPA Servers and Replicas ......................................................................... 28
3.1. What Happens in Client Setup .................................................................................... 29
3.2. Supported Platforms for IPA Clients ............................................................................. 30
3.4. Manually Configuring a Linux Client ............................................................................ 34
3.5. Configuring a Solaris System as an IPA Client ............................................................. 38
3.5.1. Configuring Solaris 10 ...................................................................................... 38
3.5.2. Configuring Solaris 9 ....................................................................................... 41
3.6. Configuring an HP-UX System as an IPA Client ........................................................... 42
3.6.1. Configuring NTP .............................................................................................. 42
3.6.2. Configuring LDAP Authentication ...................................................................... 42
3.6.3. Configuring Kerberos ....................................................................................... 43
3.6.4. Configuring PAM .............................................................................................. 44
3.6.4.1. HP-UX 11i v2 ....................................................................................... 44
3.6.4.2. HP-UX 11i v1 ....................................................................................... 45
3.6.5. Configuring SSH .............................................................................................. 46
3.6.6. Configuring Access Control .............................................................................. 47
3.6.7. Testing the Configuration .................................................................................. 48
3.7. Configuring an AIX System as an IPA Client ................................................................ 48
3.7.1. Prerequisites ................................................................................................... 48
3.7.2. Configuring the AIX Client ................................................................................ 49
3.8. Troubleshooting Client Installations .............................................................................. 52
3.9. Uninstalling an IPA Client ........................................................................................... 53
4.1. About the IPA Client Tools .......................................................................................... 55
4.1.1. About the IPA Command-Line Tools .................................................................. 55
4.1.1.1. ipa and Other Command-Line Scripts ..................................................... 55
4.1.1.2. Adding Attributes with --setattr and --addattr ........................................... 56
4.1.1.3. Tips for Running IPA Tools .................................................................... 56
4.1.2. Looking at the IPA UI ...................................................................................... 56
4.1.2.1. The UI Layout ....................................................................................... 57
4.1.2.2. Page Elements ..................................................................................... 60
4.1.2.3. Showing and Changing Group Members ................................................ 62
4.1.2.4. Looking at Search Results ..................................................................... 63
4.2. Logging into IPA ......................................................................................................... 63
4.2.1. Logging into IPA .............................................................................................. 63
4.2.3. Checking the Current Logged in User ............................................................... 64
4.2.4. Caching User Kerberos Tickets ........................................................................ 65
4.3. Using the IPA Web UI ................................................................................................ 65
4.3.1. Supported Web Browsers ................................................................................. 65
4.3.2. Opening the IPA Web UI .................................................................................. 65
4.3.3. Configuring the Browser ................................................................................... 65
4.3.4. Using a Browser on Another System ................................................................ 68
4.3.6. Using the UI with Proxy Servers ....................................................................... 70
4.3.7. Troubleshooting UI Connection Problems .......................................................... 70
5.1. Setting up User Home Directories ............................................................................... 73
5.1.1. About Home Directories ................................................................................... 73
5.1.2. Enabling the PAM Home Directory Module ........................................................ 74
5.1.3. Manually Automounting Home Directories ......................................................... 74
5.2. Managing User Accounts ............................................................................................ 75
5.2.1. About User Entries .......................................................................................... 75
5.2.1.1. About User Schema .............................................................................. 75
5.2.1.2. About Username Formats ...................................................................... 78
5.2.2. Adding Users .................................................................................................. 84
5.2.2.1. From the Web UI .................................................................................. 84
5.2.2.2. From the Command Line ....................................................................... 87
5.2.3. Editing Users ................................................................................................... 88
5.2.3.1. From the Web UI .................................................................................. 88
5.2.3.2. From the Command Line ....................................................................... 91
5.2.4. Activating and Deactivating User Accounts ........................................................ 92
5.2.4.1. From the Web UI .................................................................................. 92
5.2.4.2. From the Command Line ....................................................................... 95
5.2.5. Deleting Users ................................................................................................. 95
5.2.5.1. With the Web UI ................................................................................... 95
5.2.5.2. From the Command Line ....................................................................... 97
5.3. Changing Passwords .................................................................................................. 97
5.3.1. From the Web UI ............................................................................................. 98
5.3.2. From the Command Line ................................................................................. 99
5.4. Managing Unique UID and GID Number Assignments .................................................. 99
5.4.1. About ID Range Assignments During Installation ............................................. 100
5.4.2. Adding New Ranges ...................................................................................... 100
5.5. Managing User Groups ............................................................................................. 101
5.5.1. Creating User Groups .................................................................................... 102
5.5.1.1. With the Web UI ................................................................................. 102
5.5.1.2. With the Command Line ...................................................................... 103
5.5.2. Adding Group Members ................................................................................. 105
5.5.2.1. With the Web UI (Group Page) ............................................................ 105
5.5.2.2. With the Web UI (User's Page) ............................................................ 107
5.5.2.3. With the Command Line ...................................................................... 110
5.5.3. Deleting User Groups .................................................................................... 112
5.5.3.1. With the Web UI ................................................................................. 112
5.5.3.2. With the Command Line ...................................................................... 113
5.6. Searching for Users and Groups ............................................................................... 114
5.6.1. With the UI .................................................................................................... 114
5.6.2. With the Command Line ................................................................................. 114
5.7. Specifying Default User and Group Settings ............................................................... 116
5.7.1. Viewing the Settings Configuration .................................................................. 117
5.7.1.1. From the Web UI ................................................................................ 117
5.7.1.2. From the Command Line ..................................................................... 118
5.7.2. Setting Default Search Limits .......................................................................... 119
5.7.2.1. With the Web UI ................................................................................. 119
5.7.2.2. With the Command Line ...................................................................... 121
5.7.3. Setting User Search Attributes ........................................................................ 121
5.7.3.1. From the Web UI ................................................................................ 121
5.7.3.2. From the Web UI ................................................................................ 122
5.7.4. Setting Group Search Attributes ...................................................................... 123
5.7.4.1. From the Web UI ................................................................................ 123
5.7.4.2. From the Command Line ..................................................................... 125