Hey all.
Anyone here use FreeIPA for centralized auth and MFA services for Linux?
In my last employment (over 10 years ago), I used OpenLDAP and probably about nine years ago. I PoC'ed FreeIPA, but came to the conclusion I wouldn't be super comfortable implementing it in a Enterprise.
That said, I'm PoCing it again and right now I'm really liking what I'm seeing. Though I haven't delved into all the different areas and features sets yet and haven't yet enabled MFA on my lab yet. I do love the RBAC that you can setup though. Even around sudo usage, though it took me a few times to get some commands working properly.
That said, one thing I'm trying to find is how to change the default home directory path. We use NFS home directories and when you login. I want to to map to those, but I don't see a configuration in FreeIPA to change this.
I could always just remove /home and symlink it to the correct mount location, but that is kind of a dirty hack. (though that is basically what I do for KVM to create VMs in something other than my /var partition lol.
Anyone here use FreeIPA for centralized auth and MFA services for Linux?
In my last employment (over 10 years ago), I used OpenLDAP and probably about nine years ago. I PoC'ed FreeIPA, but came to the conclusion I wouldn't be super comfortable implementing it in a Enterprise.
That said, I'm PoCing it again and right now I'm really liking what I'm seeing. Though I haven't delved into all the different areas and features sets yet and haven't yet enabled MFA on my lab yet. I do love the RBAC that you can setup though. Even around sudo usage, though it took me a few times to get some commands working properly.
That said, one thing I'm trying to find is how to change the default home directory path. We use NFS home directories and when you login. I want to to map to those, but I don't see a configuration in FreeIPA to change this.
I could always just remove /home and symlink it to the correct mount location, but that is kind of a dirty hack. (though that is basically what I do for KVM to create VMs in something other than my /var partition lol.
