Beruflich Dokumente
Kultur Dokumente
Security Camp at BU
Agenda
● Problem statement
● Aspects of integration
● Integration options
● Recommendations
Central
Central
Active
Active Active
Active Identity
Identity
Directory
Directory Directory
Directory Server
Server
Linux
Linux Linux
Linux Linux
Linux Linux
Linux Linux
Linux Linux
Linux
system
system system
system system
system system
system system
system system
system
33rdrdparty
partyclient
client Policies
Policies
Authentication
Authentication sudo
sudo
Identities
Identities hbac
hbac
automount
automount
Client may use native AD protocols
Name
NameResolution
Resolution selinux
selinux
Authentication can be LDAP or
Kerberos
Active
Active Policies are delivered via configuration files and
Directory
Directory ID mapping uses SFU/IMU extensions in AD managed locally or via a config server like Satellite
or Puppet.
LDAP/Kerberos
LDAP/Kerberos Policies
Policies
Authentication
Authentication sudo
sudo
Identities
Identities hbac
hbac
automount
automount
Name
NameResolution
Resolution selinux
selinux
Authentication can be LDAP or
Kerberos
Samba
SambaWinbind
Winbind Policies
Policies
Authentication
Authentication sudo
sudo
Identities
Identities hbac
hbac
automount
automount
Name
NameResolution
Resolution selinux
selinux
Authentication can use LDAP, Kerberos
or NTLM
Client
Client
NSS Identity
Identity Server
Server
NSS Identity
Responder Identity
Responder Provider
Provider
Boundary
Client
Client Domain
Network
SSSD Domain
Cache
Cache SSSD Provider
Provider
Auth
Auth
PAM
PAM Provider
Provider
Client
Client Responder
Responder Authentication
Authentication
Server
Server
16
Contemporary Integration Option
SSSD
SSSD Policies
Policies
Authentication
Authentication sudo
sudo
Identities
Identities hbac
hbac
automount
automount
Name
NameResolution
Resolution selinux
selinux
Authentication can use LDAP or
Kerberos
All these limitations prevent growth of the Linux environment inside your organization!
DNS
DNS LDAP
LDAP KDC
KDC KDC
KDC LDAP
LDAP DNS
DNS
Linux
Linuxsystem
system
SSSD
SSSD Policies
Policies
Authentication
Authentication sudo
sudo
Identities
Identities hbac
hbac
automount
automount
Policies are managed centrally
Name
NameResolution
Resolution
Client software connects to the right selinux
selinux
server depending on the information it
needs
If you think environment is big enough for a content management system it is big enough for FreeIPA!