Chapter 20. Configuring Identity Management in Red Hat Satellite


Identity Management (IDM) deals with the management of individual identities, their credentials and privileges used in a networking environment. IDM can help to increase the security of your system and ensure that the right people have access to the right information when they need it.
Red Hat Satellite has a realm feature that will automatically manage the life cycle of any system registered to a realm or domain provider. This section will explain how you need to configure the Satellite Server or Capsule Server for IDM and how to automatically add client systems to the Satellite 6 Identity Management host group.
The initial step to use Identity Management (IDM) in Red Hat Satellite is to configure the Red Hat Satellite Server or Red Hat Satellite Capsule Server.
Prerequisites

Make sure that the following are set up before configuring IDM:

  1. A Satellite Server registered to the content delivery network or an independent Capsule Server registered to the Satellite Server
  2. A realm or domain provider such as Red Hat Identity Management configured and set up
To configure the Satellite Server or Capsule Server for IDM Realm Support:
  1. On the Satellite Server or Capsule Server, install the following packages:
    # yum install ipa-client foreman-proxy ipa-admintools
    
  2. Configure the Satellite Server (or Capsule Server) as an IPA client:
    # ipa-client-install
    
  3. Create a realm-capsule user and the relevant roles in Red Hat Identity Management on the Satellite Server or Capsule Server:
    # foreman-prepare-realm admin realm-capsule
    
    Running foreman-prepare-realm prepares a FreeIPA or Red Hat Identity Management server for use with the Foreman Smart Proxy. It creates a dedicated role with the permissions needed for Foreman, creates a user with that role, and retrieves the keytab file. You will need your Identity Management server configuration details for this step.
    If the command executes successfully, you should see the following output:
    Keytab successfully retrieved and stored in: freeipa.keytab
    Realm Proxy User:    realm-capsule
    Realm Proxy Keytab:  /root/freeipa.keytab
    
  4. Move /root/freeipa.keytab to the /etc/foreman-proxy directory and set its ownership to the foreman-proxy user:
    # mv /root/freeipa.keytab /etc/foreman-proxy
    # chown foreman-proxy:foreman-proxy /etc/foreman-proxy/freeipa.keytab
    
  5. Configure the realm based on whether you are using Satellite Server or Capsule Server:
    • If you are using the integrated capsule in the Satellite Server, use katello-installer to configure the realm:
      # katello-installer --capsule-realm true \
        --capsule-realm-keytab /etc/foreman-proxy/freeipa.keytab \
        --capsule-realm-principal 'realm-capsule@EXAMPLE.COM' \
        --capsule-realm-provider freeipa
      

      Note

      These options may also be run at the initial configuration of Red Hat Satellite Server.
    • If you are using an independent Capsule Server, use capsule-installer to configure the realm:
      # capsule-installer --realm true \
        --realm-keytab /etc/foreman-proxy/freeipa.keytab \
        --realm-principal 'realm-capsule@EXAMPLE.COM' \
        --realm-provider freeipa
      
  6. Make sure that the most recent version of the ca-certificates package is installed, and trust the IPA Certificate Authority:
    # cp /etc/ipa/ca.crt /etc/pki/ca-trust/source/anchors/ipa.crt
    # update-ca-trust enable
    # update-ca-trust
    
  7. (Optional) If you are configuring IDM on an already existing Satellite Server or Capsule Server, the following steps should also be taken to make sure that the configuration changes take effect:
    1. Restart the foreman-proxy service:
      # service foreman-proxy restart
      
    2. Log in to the Satellite Server and click Infrastructure > Capsules.
    3. Click the drop-down menu on the right-hand side of the Capsule Server you have configured for IDM and choose Refresh Features.
  8. Finally, create a new realm entry in the Satellite Server user interface:
    1. Click Infrastructure > Realms and, in the right-hand corner of the main page, click New Realm.
    2. Fill in the fields in the following subtabs:
      1. Realm - provide the realm name, the type of realm to use and the realm proxy.
      2. Locations - choose the locations where the new realm is intended for use.
      3. Organizations - choose the organizations where the new realm is intended for use.
    3. Click Submit.
The Satellite Server or Capsule Server is now ready to provision hosts that automatically register to IDM. The next section will detail the steps on how to automatically add hosts to an IDM host group.
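
The keytab moved in step 4 is a long-term credential for the realm-capsule principal, so it is worth confirming after the procedure that only foreman-proxy can read it and that it holds the principal passed to the installer. The following script is an added example, not part of the Red Hat procedure; the function names and the "no group or other access" policy are assumptions of this example.

```sh
#!/bin/sh
# Added example: post-configuration checks for the realm proxy keytab.
# Paths and principal are the ones used in the procedure; the "no group/other
# access" policy is this example's assumption. Requires GNU stat (RHEL).
KEYTAB=${KEYTAB:-/etc/foreman-proxy/freeipa.keytab}
OWNER=${OWNER:-foreman-proxy}
PRINCIPAL=${PRINCIPAL:-realm-capsule@EXAMPLE.COM}

# check_keytab_perms FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), is owned by OWNER,
# and carries no permission bits for group or other.
check_keytab_perms() {
    kt_file=$1; kt_want=$2
    if [ -L "$kt_file" ] || [ ! -f "$kt_file" ]; then
        echo "FAIL: $kt_file is missing or not a regular file"; return 1
    fi
    kt_mode=$(stat -c '%a' "$kt_file")
    kt_owner=$(stat -c '%U' "$kt_file")
    if [ "$kt_owner" != "$kt_want" ]; then
        echo "FAIL: owner is $kt_owner, expected $kt_want"; return 1
    fi
    # Pad so short modes such as "0" still have two trailing digits to test.
    case "00$kt_mode" in
        *00) ;;
        *) echo "FAIL: mode $kt_mode grants group/other access"; return 1 ;;
    esac
    echo "OK: $kt_file owner=$kt_owner mode=$kt_mode"
}

# keytab_has_principal PRINCIPAL
# Reads `klist -kt` output on stdin; entry lines start with the numeric KVNO
# and end with the principal name.
keytab_has_principal() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $NF == p { found = 1 }
                   END { exit !found }'
}

# Check the live system only when invoked with --run (needs root to read
# the keytab).
if [ "${1:-}" = "--run" ]; then
    check_keytab_perms "$KEYTAB" "$OWNER" &&
        klist -kt "$KEYTAB" | keytab_has_principal "$PRINCIPAL" &&
        echo "OK: keytab holds an entry for $PRINCIPAL"
fi
```

Run it as root with `--run` on the Satellite Server or Capsule Server; a FAIL on the mode check is resolved by restricting the file to its owner.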