Security CLI Reference

Security best practices and hardening guides

security 11 commands

SELinux User Mapping

Manage SELinux user context mapping for IPA users on client systems. SELinux user maps assign SELinux user contexts to IPA users and hosts, controlling which SELinux domain users run in. Features include user and host category specification, SELinux user assignment (guest_u, user_u, staff_u, etc.), priority ordering, enable/disable controls, and integration with SSSD for applying SELinux contexts during user login.

security 0 commands

System Accounts

Manage system accounts used by IPA services for internal operations. System accounts provide credentials for IPA service components and should not be used for regular user authentication. Features include system account creation, password management, and service-specific account configuration for maintaining secure internal service authentication.

security 12 commands

Password Vault

Securely store and retrieve passwords, keys, and other secrets with encryption. Vaults provide encrypted storage with three security types: standard (transport encryption), symmetric (password-encrypted), and asymmetric (public key encrypted). Features include user, service, and shared vault ownership models, secret archival and retrieval, vault membership for access control, escrow for recovery, and integration with KRA (Key Recovery Authority) for secure secrets management.