Open Source Identity Management

FreeIPA provides centralized authentication, authorization, and account information for Linux and Unix environments

Single Sign-On

Authenticate once and access all your Linux and Unix resources seamlessly

Enterprise Security

Kerberos authentication, PKI certificates, and fine-grained access control

Centralized Management

Manage users, groups, hosts, and policies from a single web interface or CLI

Comprehensive Identity Management

FreeIPA integrates proven technologies to provide a complete solution for authentication, authorization, and account management

Complete CLI Reference

Comprehensive command-line documentation for all FreeIPA operations. Browse 415+ commands across 55 topics.

user-management 21 commands

User Management

Manage user accounts including creation, modification, deletion, and lifecycle operations. IPA users are POSIX-compliant and support Kerberos authentication, certificate mapping, passkey authentication, SSH public keys, and organizational attributes. Features include account enable/disable, password reset, principal aliases, manager relationships, and account lockout management across replicated servers.

user-management 10 commands

Group Management

Manage user groups including POSIX and non-POSIX groups with support for nested membership. Groups can contain users, other groups, and Kerberos services. Features include external group membership for Active Directory trust integration, group membership managers for delegated administration, automatic GID assignment, and flexible membership management for organizing users and services.

dns 31 commands

DNS Management

Manage DNS zones and resource records with integrated DNSSEC support. Features include master and forward zones, comprehensive record type support (A, AAAA, MX, SRV, PTR, TXT, etc.), dynamic updates with Kerberos authentication, zone transfers with TSIG, per-zone permissions for delegation, and interactive record management. Supports both IPv4 and IPv6, reverse zones, and DNS-based service discovery for IPA infrastructure.

directory 20 commands

Host Management

Manage host entries for enrolled machines and servers. Hosts store service principals, participate in host-based access control rules, and can be organized into host groups. Features include enrollment with one-time passwords, SSH key management, certificate management, DNS integration, location assignment, and support for various enrollment scenarios including full and limited administrator workflows.

directory 9 commands

Host Group Management

Manage groups of hosts for policy application and delegated administration. Host groups enable centralized configuration of access control rules, sudo policies, and SELinux mappings. Supports nested host group membership, external members, and membership managers for fine-grained control over host organization and policy assignment.

directory 21 commands

Service Management

Manage Kerberos service principals for network services requiring authentication. Service entries store service credentials, support certificate-based authentication, and enable delegation scenarios. Features include service principal management, certificate operations, host and user delegation, and support for constrained delegation (S4U2Proxy) for application integration and single sign-on.

Built on Proven Technologies

FreeIPA combines best-in-class open source components

MIT Kerberos

Authentication

389 Directory

LDAP Server

Dogtag PKI

Certificates

BIND

DNS Server

SSSD

Client Daemon

Latest from the Blog

News, tutorials, and insights about identity management

Ready to Get Started?

Deploy FreeIPA in minutes and start managing your Linux infrastructure with enterprise-grade identity management