Found 5 topics related to this tag
Manage user accounts including creation, modification, deletion, and lifecycle operations. IPA users are POSIX-compliant and support Kerberos authentication, certificate mapping, passkey authentication, SSH public keys, and organizational attributes. Features include account enable/disable, password reset, principal aliases, manager relationships, and account lockout management across replicated servers.
Manage Kerberos service principals for network services requiring authentication. Service entries store service credentials, support certificate-based authentication, and enable delegation scenarios. Features include service principal management, certificate operations, host and user delegation, and support for constrained delegation (S4U2Proxy) for application integration and single sign-on.
Manage Kerberos ticket lifetime and renewal policies. Ticket policies control maximum ticket lifetimes, renewable lifetimes, and maximum renewable age for both users and services. Features include per-user and per-service policy overrides, global default policies, and integration with MIT Kerberos for enforcing authentication session limits and ticket renewal windows.
Configure PKINIT for certificate-based Kerberos authentication. PKINIT enables users and services to obtain Kerberos tickets using X.509 certificates instead of passwords. Features include anonymous PKINIT support and configuration of certificate validation requirements for flexible, certificate-based authentication workflows.
Manage constrained delegation rules for Kerberos services (S4U2Proxy). Service delegation enables services to obtain tickets on behalf of users for accessing other services. Features include delegation rule creation, membership management for delegating and delegated services, and support for constrained delegation scenarios enabling secure service-to-service authentication on behalf of end users.