Appendix C. A Reference of Identity Management Files and Logs
C.1. Identity Management Configuration Files and Directories
Directory or File | Description |
---|---|
/etc/ipa/ | The main IdM configuration directory. |
/etc/ipa/default.conf | Primary configuration file for IdM. Referenced when servers and clients start and when the user uses the ipa utility. |
/etc/ipa/server.conf | An optional configuration file that does not exist by default. Referenced when the IdM server starts. If the file exists, it takes precedence over /etc/ipa/default.conf. |
/etc/ipa/cli.conf | An optional configuration file that does not exist by default. Referenced when the user uses the ipa utility. If the file exists, it takes precedence over /etc/ipa/default.conf. |
/etc/ipa/ca.crt | The CA certificate issued by the IdM server's CA. |
~/.ipa/ | The user-specific IdM directory created on the local system the first time the user runs an IdM command. Users can set individual configuration overrides by creating user-specific default.conf, server.conf, or cli.conf files in ~/.ipa/. |
/etc/sssd/sssd.conf | Configuration for the IdM domain and for IdM services used by SSSD. |
/usr/share/sssd/sssd.api.d/sssd-ipa.conf | A schema of IdM-related SSSD options and their values. |
/etc/gssproxy/ | The directory for the configuration of the GSS-Proxy protocol. The directory contains files for each GSS-API service and a general /etc/gssproxy/gssproxy.conf file. |
/etc/certmonger/certmonger.conf | This configuration file contains default settings for the certmonger daemon that monitors certificates for impending expiration. |
/etc/custodia/custodia.conf | Configuration file for the Custodia service that manages secrets for IdM applications. |

Directory or File | Description |
---|---|
/etc/sysconfig/ | systemd-specific files |

Directory or File | Description |
---|---|
/etc/ipa/html/ | A symbolic link for the HTML files used by the IdM web UI. |
/etc/httpd/conf.d/ipa.conf | Configuration files used by the Apache host for the web UI application. |
/etc/httpd/conf.d/ipa-rewrite.conf | |
/etc/httpd/conf/ipa.keytab | The keytab file used by the web server. |
/usr/share/ipa/ | The directory for all HTML files, scripts, and stylesheets used by the web UI. |
/usr/share/ipa/ipa.conf | |
/usr/share/ipa/updates/ | Contains LDAP data, configuration, and schema updates for IdM. |
/usr/share/ipa/html/ | Contains the HTML files, JavaScript files, and stylesheets used by the web UI. |
/usr/share/ipa/migration/ | Contains HTML pages, stylesheets, and Python scripts used for running the IdM server in migration mode. |
/usr/share/ipa/ui/ | Contains the scripts used by the UI to perform IdM operations. |
/etc/httpd/conf.d/ipa-pki-proxy.conf | The configuration file for web-server-to-Certificate-System bridging. |

Directory or File | Description |
---|---|
/etc/krb5.conf | The Kerberos service configuration file. |
/var/lib/sss/pubconf/krb5.include.d/ | Includes IdM-specific overrides for Kerberos client configuration. |

Directory or File | Description |
---|---|
/var/lib/dirsrv/slapd-REALM_NAME/ | The database associated with the Directory Server instance used by the IdM server. |
/etc/sysconfig/dirsrv | IdM-specific configuration of the dirsrv systemd service. |
/etc/dirsrv/slapd-REALM_NAME/ | The configuration and schema files associated with the Directory Server instance used by the IdM server. |

Directory or File | Description |
---|---|
/etc/pki/pki-tomcat/ca/ | The main directory for the IdM CA instance. |
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg | The main configuration file for the IdM CA instance. |

Directory or File | Description |
---|---|
~/.cache/ipa/ | Contains a per-server API schema for the IdM client. IdM caches the API schema on the client for one hour. |

Directory or File | Description |
---|---|
/var/lib/ipa/sysrestore/ | Contains backups of the system files and scripts that were reconfigured when the IdM server was installed. Includes the original .conf files for NSS, Kerberos (both krb5.conf and kdc.conf), and NTP. |
/var/lib/ipa-client/sysrestore/ | Contains backups of the system files and scripts that were reconfigured when the IdM client was installed. Commonly, this is the sssd.conf file for SSSD authentication services. |