
by ericdes (Eric) 16 years ago


Authentication inter-operability FreeIPA / AzMan

The discussion centers around the interoperability and authentication capabilities between FreeIPA and Microsoft technologies such as AzMan, ADAM, and ActiveDirectoryMembershipProvider.


Authentication Inter-Operability with FreeIPA

Main topic

NetSQLAzMan

By Andrea Ferendeles
An improved version of MS AzMan

We can change the code

OpenAzMan

LGPL open source
Because we use NetSQLAzMan's code

Cost to develop?

By Tela-Group
To develop!

FreeIPA

Policy store
XML stored in Fedora DS

Format: FreeIPA / RELAX NG

By Red Hat
Open source

MS AzMan

User authentication store
Can FreeIPA simulate a Windows identity?

Excerpt from http://msdn.microsoft.com/en-us/library/aa480244.aspx

Authorization Manager can work with Windows integrated authentication types (in other words, those that result in a Windows logon token) at runtime, or ADAM authentication that yields Security Identifiers (SIDs), ADFS which issues claims, or even custom authentication types such as a SQL Server that could work similarly. The type of authentication chosen can imply features supported and integration requirements. For more information about choosing the appropriate authentication model, see the Microsoft patterns & practices site at http://msdn.microsoft.com/practices/ and the Security Guidance Center for Developers at http://msdn.microsoft.com/security/.

But use of the AzMan console for non-Windows identities requires a custom user interface using the AzMan API

My guess is it is no different than with ADAM, which is documented

But non-Windows integrated authentication requires integration code to read users / groups (custom principals)

My guess is it is compatible with FDS

Any

AD, ADAM, SQL Server, etc.

Is ActiveDirectoryMembershipProvider compatible with FreeIPA?

DOES NOT BELONG TO THIS DIAGRAM
By Microsoft
Proprietary code, but free