이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 12. Authentication and Interoperability
- Apache Modules for External Authentication
- A set of Apache modules was added to Red Hat Enterprise Linux 6.6 as a Technology Preview. The
mod_authnz_pam
,mod_intercept_form_submit
, andmod_lookup_identity
Apache modules in the respective packages can be used by Web applications to achieve tighter interaction with external authentication and identity sources, such as Identity Management in Red Hat Enterprise Linux. - Simultaneous maintaining of TGTs for multiple KDCs
- Kerberos version 1.10 added a new cache storage type, DIR:, which allows Kerberos to maintain Ticket Granting Tickets (TGTs) for multiple Key Distribution Centers (KDCs) simultaneously and auto-select between them when negotiating with Kerberized resources. Red Hat Enterprise Linux 6.4 and later includes SSSD enhanced to allow the users to select the DIR: cache for users that are logging in using SSSD. This feature is introduced as a Technology Preview.Package: sssd
- Cross-Forest Kerberos Trust Functionality in Identity Management
- The Cross-Forest Kerberos Trust functionality provided by Identity Management (IdM) is included as a Technology Preview. This feature allows to create a trust relationship between an IdM and an Active Directory (AD) domain. This means that users from the AD domain can access resources and services from the IdM domain with their AD credentials. No data needs to be synchronized between the IdM and AD domain controllers; AD user are always authenticated against the AD domain controller and information about users is looked up without the need for synchronization.This feature is provided by the optional ipa-server-trust-ad package. This package depends on features which are only available in
samba4
. Because samba4-* packages conflicts with the corresponding samba-* packages, all samba-* packages must be removed before ipa-server-trust-ad can be installed.When the ipa-server-trust-ad package is installed, theipa-adtrust-install
utility must be run on all IdM servers and replicas to enable IdM to handle trusts. When this is done, a trust can be established from the command line using theipa trust-add
command or the IdM web UI. For more information, see the Identity Management Guide for Red Hat Enterprise Linux .Note that Red Hat recommends to connect Red Hat Enterprise Linux 6 IdM clients to a Red Hat Enterprise Linux 7 IdM server for cross-forest trust capability. Trusts are fully supported on servers running Red Hat Enterprise Linux 7. Configuration with Red Hat Enterprise Linux 6 clients connected to a Red Hat Enterprise Linux 7 server for cross-forest trust is fully supported as well. In such setups, it is recommended to use the latest version of Red Hat Enterprise Linux 6 on the client side and the latest version of Red Hat Enterprise Linux 7 on the server side.Packages: ipa and samba