Got some progress with protocol transition in OpenSSH: if you login with any authentication mechanism that does not lead to creation of Kerberos tickets, now you can configure your server to generate one on the user's behalf. This uses Services For User (S4U) extensions available in Active […]
New 𝗡𝗮𝘁𝗶𝘃𝗲 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀/𝗟𝗗𝗔𝗣 𝘄𝗶𝘁𝗵 𝗙𝗿𝗲𝗲𝗜𝗣𝗔/𝗜𝗗𝗠 article based on @hofstede.io work - credit goes to him.
vermaden.wordpress.com/2026/02/18/n...
#verblog #freebsd #kerberos #idm #freeipa #ssh
Native FreeBSD Kerberos/LDAP with FreeIPA/IDM I want to make this clear in the first sentence because its biggest chance that people will read it – this article is entirely based on work done by ...
#Uncategorized #doas #freebsd #freeipa #idm #linux […]
[Original post on vermaden.wordpress.com]
About to leave to Brussels for #CentOSConnect and #FOSDEM. We will have a #FreeIPA / #SSSD / #Keycloak stand on Saturday (at building K level 1 group C) and Identity and Access Management devroom (H.2214).
Come to see and discuss!
2/2
2) 🇨🇿 The Czech National Film Archive uses a similat setup to #EU_OS: #AlmaLinux #bootc with #freeIPA for some of their staff. Now Czechia is on the map! nfa.cz/en
I’ve documented a clean, native way to join FreeBSD 15 to a FreeIPA realm. Pure Kerberos (GSSAPI). Lightweight LDAP (nslcd). No local user management.
Keep your base system sane.
blog.hofstede.it/integrating-...
#FreeBSD #SysAdmin #FreeIPA #OpenSource
Fedora Test Day: FreeIPA Modern WebUI Join us for Fedora Test Day: FreeIPA Modern WebUI! Explore new features, provide feedback, and help shape the future of FreeIPA. Your input matters! The post F...
#Blog #Fedora #Fedora #Test #Day #FreeIPA
Origin | Interest | Match
N'hésitez pas à nous aider à tester la nouvelle interface web de #FreeIPA.
L'événement se déroule aujourd'hui et demain.
Les tests : testdays.fedoraproject.org/testday/9
Zajímá vás #FreeIPA? Víte, že má nové webové rozhraní? Pojďte se na něj zítra a pozítří podívat a poskytnout vývojářům zpětnou vazbu, co se vám na něm líbí a co ne.
mojefedora.cz/testovani-freeipa-modern...
#fedora #testday
#FOSDEM
Our proposal for #FreeIPA/#SSSD/#Keycloak/#OpenWallet stand was accepted this year! We have some demo ideas but if you want to see an integration/feature demoed, tell us!
fosdem.org/2026/news/2025-11-16-acc...
#Yesterdayatwork
- #Samba Team ran an online developer gathering (wiki.samba.org/index.php/Samba_Develope... next one is next Tuesday
- System Accounts support merged to #FreeIPA upstream, finally, including Web UI integration: https://www.youtube.com/watch?v=cWY0deOZJms […]
IPA administrator logged in to AD DC running on Windows Server 2025.
Fun Wireshark statistics on how operations get split on the login attempt
Was testing today if #FreeIPA can establish trust to Windows Server 2025-based Active Directory (it does work fine). And then tried to test if I can login with IPA user to that Windows Server 2025 domain controller without my global catalog code. Apparently […]
[Original post on mastodon.social]
#yesterdayatwork
Past week was busy. We released #FreeIPA 4.12.5 with the fix for CVE-2025-7493. I think we ended up doing 13 downstream releases (RHEL+Fedora) and anticipate several weeks of busy freeipa-users@ traffic.
New FreeIPA Web UI support was merged upstream but building it on the […]
#YesterdayAtWork:
- #FreeIPA and #Samba 4.23 interop fixes pushed to #Fedora 43 updates stable. Not sure they are part of the Fedora 43 beta iso image, though.
- We started looking into how to automatically test Samba and FreeIPA trust interop in Fedora QA infra […]
#YesterdayAtWork:
- the new #Samba 4.23 release candidates found a bug I had in #FreeIPA for a decade. MS-DRSR spec forces version of ForestTrustInfo structure to be set to 1 (the only supported type) and Samba started enforcing it. FreeIPA saved the structure with a default (0) version number […]
FreeIPA - Identity, Policy, Audit — FreeIPA documentation #freeipa #linux #login #user #directory #management
#YesterdayAtWork
- back from the Flock+meetings+Devconf trip that took 12 days. Flights got delayed in Prague due to thunderstorms, came back around midnight.
- Tuesday we released #FreeIPA 4.12.4 with a fix to CVE-2025-4404. Spent some time getting Fedora builds done. RHEL builds were released […]
- fleet management with #Foreman
- user management with #FreeIPA (if time is left)
As of now, the first three goals are basically done. 🥳
Setting up #foreman is challenging. If you can help, reach out: blog.riemann.cc/about#contact
2/2
#YesterdayAtWork:
It is a Red Hat Summit's week and I'm in Boston.
- ran a talk about post-quantum crypto in RHEL together with @simo5 and Amy.
- gave 4 lightning talks about different #FreeIPA features that we either have implemented recently or are working upstream:
- `ipa-migrate`
- […]
Deploy FreeIPA Server on Cloud VPS
#almalinux #freeipa #hosting #ident #oraclelinux #podman #rockylinux #selfhosting #selfhosted #vps #Cloud #Guides #VPS
Configuring FreeBSD 14.2 to authenticate against a FreeIPA (or Red Hat IDM) with Kerberos and LDAP *without* SSSD or any other clutter. Just plain openldap26, and krb5.
Very lightweight and simple configuration, entirely done via Ansible […]
[Original post on burningboard.net]
If you're attending the Red Hat Summit this year, I'll be there as well and will be talking about post-quantum cryptography together with @simo5. I also will be showing some upstream demos around FreeIPA projects.
Never been at the Summit before, so it would be an opportunity to meet and talk […]
#YesterdayAtWork, or rather for couple weeks:
- in #FreeIPA completed DNSSEC support recovery after OpenSSL provider API migration
- in orther to merge that upstream, we had to migrate to Fedora 42 builds in CI. This wasn't easy for our Azure CI
- python-dnspython removal in Fedora caused […]
