Tutorial: Identity Management with FreeIPA

Fraser Tweedale https://linux.conf.au/schedule/30130/view_talk FreeIPA is an integrated identity management solution providing centralised user, host and service management, authentication and authorisation in Linux/UNIX networked environments, with a focus on ease of deployment and management. It is built on top of well-known Open Source technologies and standards including 389 Directory Server, MIT Kerberos and Dogtag Certificate System. This hand-on workshop will provide participants with a comprehensive introduction to FreeIPA including server deployment and administration, client machine enrolment, and configuring server software to use FreeIPA's centralised identity and policy store. Participants will: - Install a FreeIPA server and replica - Enrol client machines in the domain - Create and administer users - Manage host-based access control (HBAC) policies - Issue X.509 certificates for network services - Configure a web server to use FreeIPA for user authentication and access control There will be a number of elective units which participants can choose, based on their progress and particular use cases: - OTP two-factor authentication - Advanced certificate management: profiles, sub-CAs and user certificates - OpenSSH key management - Federated identity with Ipsilon - User self-service secret management - ...and more! If you are planning to attend the workshop please note that *some preparation is strongly advised*. Preparation steps are outlined at https://github.com/freeipa/freeipa-workshop#preparation. In brief, it amounts to "install Vagrant and VirtualBox, and download the VM image" so that you are ready to ``vagrant up`` at the start of the workshop. The `libvirt' provider is also supported.