FreeIPA: centralized identity management for Linux
Posted Dec 13, 2012 17:43 UTC (Thu) by drag (subscriber, #31333)
Samba 4 may be able to provide that 'AD connector' functionality for FreeIPA in the future, but last time I checked there remained lots of work to get to that point.
Not sure of any of the details.
Posted Dec 13, 2012 17:49 UTC (Thu) by drag (subscriber, #31333)
Posted Dec 14, 2012 0:25 UTC (Fri) by jldugger (subscriber, #57576)
Posted Dec 14, 2012 11:49 UTC (Fri) by ab (subscriber, #788)
Yes, it is mostly Kerberos trust once it is established, except for a lot of small details on verifying ticket extensions in the MS-PAC structure (documented in the MS-KILE spec) which change over time, and resolution of SIDs (MS-PAC records SIDs, not group or user names, so one has to resolve them first to use them) which is a complicated matter in complex topologies.
However, in order to establish AD trust one needs to use the SMB protocol and MS-RPC services. You may want to look at http://freeipa.org/page/IPAv3_Architecture to get some high-level overview on what's happening. The page has some outdated material though, I'm working on updating it as we speak.
Posted Dec 13, 2012 18:04 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
I have no idea if this has changed since.
Posted Dec 14, 2012 0:27 UTC (Fri) by rahulsundaram (subscriber, #21946)
Posted Dec 14, 2012 11:42 UTC (Fri) by ab (subscriber, #788)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.