3.4.2 About IPA

IPA allows you to set up a domain controller for DNS, Kerberos, and authorization policies as an alternative to Active Directory Services. You can enrol client machines with an IPA domain so that they can access information for single sign-on authentication. IPA combines the capabilities of existing well-known technologies such as certificate services, DNS, LDAP, Kerberos, LDAP, and NTP.

To be able to configure IPA authentication, use yum to install the ipa-client and ipa-admintools packages.

If you use the Authentication Configuration GUI and select IPA v2 as the user account database, you are prompted to enter the names of the IPA domain, realm, and server. You can also select to configure NTP so that the system time is consistent with the IPA server. If you have initialized Kerberos, you can click Join Domain to create a machine account on the IPA server and grant permission to join the domain.

For more information about configuring IPA, see http://freeipa.org/page/Documentation.