|
IPA |
FAS |
Keystone |
|
|
|
|
|
|
|
|
WSGI |
Yes |
Yes |
Yes |
|
|
|
|
|
|
|
|
LDAP |
Yes |
No |
Preferred |
|
|
|
|
|
|
|
|
HTTPD |
Yes |
Yes |
Yes |
|
|
|
|
|
|
|
|
Tomcat |
Required For CA |
Not required |
Not required |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SSH Keys |
Upcoming Release |
Supported |
|
|
|
|
|
|
|
|
|
Kerberos |
Required |
Not Supported |
Not Supported |
|
|
|
|
|
|
|
|
SQL |
Not Supported |
MySQL, PosgreSQL |
Supported via SQL Achemy |
|
|
|
|
|
|
|
|
MEMCACHED |
Not Supported |
? |
Used for session replication |
|
|
|
|
|
|
|
|
WebSSO |
Kerberos (port blocked on many firewalls) |
OpenID in beta |
OpenID |
|
|
|
|
|
|
|
|
Asterix |
Not Supported |
Supported |
Not Supported |
|
|
|
|
|
|
|
|
Yubikey |
Not Supported |
Supported |
Not Supported |
|
|
|
|
|
|
|
|
Certificate signing |
Yes, via Dogtag |
Yes |
Yes |
|
|
|
|
|
|
|
|
Certificate Revocation |
Yes, via Dogtag |
Not Supported |
Not Supported |
|
|
|
|
|
|
|
|
OCSP |
Yes, via Dogtag |
Not Supported |
Not Supported |
|
|
|
|
|
|
|
|
DNS |
Integrated |
Not Supported (Fedora uses a non-integrated BIND installation) |
Not Supported |
|
|
|
|
|
|
|
|
HBAC |
Requires SSSD client |
Not Supported |
Not Supported |
|
|
|
|
|
|
|
|
SUDO |
Yes (LDAP) |
Not Supported |
Not Supported |
|
|
|
|
|
|
|
|
Multi tenancy |
No (Single user list) |
Not Supported |
Yes ”Tenants” |
|
|
|
|
|
|
|
|
Hardware Token Support |
Not supported, possible with Dogtag |
Not Supported |
Not Supported |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Host Certificates |
Yes (Full CA) |
Yes (Limited CA) |
Not Supported |
|
|
|
|
|
|
|
|
User Certificates |
Not Supported, Possible with Dogtag |
Generation of certs Supported |
Not Supported |
|
|
|
|
|
|
|
|
Reset of password |
Supported |
Supported |
|
|
|
|
|
|
|
|
|
Password Policy |
Supported |
Supported |
|
|
|
|
|
|
|
|
|
Password stored as |
Hash |
HASH |
? |
|
|
|
|
|
|
|
|
Basic Auth |
Possible, discouraged |
Default |
Default |
|
|
|
|
|
|
|
|
OTP support |
Host Enroll Only |
Not Supported |
Tokens? |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
User Fields |
cn |
human_name |
name |
|
|
|
|
|
|
|
|
|
carlicense |
|
|
|
|
|
|
|
|
|
|
|
displayname |
|
|
|
|
|
|
|
|
|
|
|
dn |
|
|
|
|
|
|
|
|
|
|
|
facsimiletelephonenumber |
|
|
|
|
|
|
|
|
|
, |
|
gecos |
|
|
|
|
|
|
|
|
|
|
|
gidnumber |
|
tenant_id |
|
|
|
|
|
|
|
|
|
givenname |
|
|
|
|
|
|
|
|
|
|
|
homedirectory |
ircnick=None |
|
|
|
|
|
|
|
|
|
|
initials |
locale='en' |
|
|
|
|
|
|
|
|
|
|
ipauniqueid |
longitude=None |
|
|
|
|
|
|
|
|
|
|
krblastpwdchange |
privacy=False |
|
|
|
|
|
|
|
|
|
|
krbpasswordexpiration |
|
|
|
|
|
|
|
|
|
|
|
krbprincipalname |
|
|
|
|
|
|
|
|
|
|
|
krbpwdpolicyreference |
|
|
|
|
|
|
|
|
|
|
|
loginshell |
|
|
|
|
|
|
|
|
|
|
|
mail(email) multiple |
email |
email |
|
|
|
|
|
|
|
|
|
mailing address(multiple fields) |
postal_address |
|
|
|
|
|
|
|
|
|
|
manager |
|
id |
|
|
|
|
|
|
|
|
|
memberof_group |
|
|
|
|
|
|
|
|
|
|
|
memberof_roles |
|
tenant_roles |
|
|
|
|
|
|
|
|
|
memberofindirect_group |
|
|
|
|
|
|
|
|
|
|
|
mepmanagedentry |
|
|
|
|
|
|
|
|
|
|
|
mobile (multiple) |
|
|
|
|
|
|
|
|
|
|
|
nsaccountlock |
status |
enabled |
|
|
|
|
|
|
|
|
|
pager (multiple) |
|
|
|
|
|
|
|
|
|
|
|
sn |
|
|
|
|
|
|
|
|
|
|
|
sn |
|
|
|
|
|
|
|
|
|
|
|
telephonenumber (multiple) |
telephone |
|
|
|
|
|
|
|
|
|
|
title |
|
|
|
|
|
|
|
|
|
|
|
uid |
targetname |
|
|
|
|
|
|
|
|
|
|
uidnumber |
|
|
|
|
|
|
|
|
|
|
|
userpassword |
|
password |
|
|
|
|
|
|
|
|
|
|
ssh_key |
|
|
|
|
|
|
|
|
|
|
|
timezone |
|
|
|
|
|
|
|
|
|
|
|
country_code |
|
|
|
|
|
|
|
|
|
|
|
gpg_keyid |
|
|
|
|
|
|
|
|
|
|
|
comments |
|
|
|
|
|
|
|
|
|
|
|
latitude |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
, |
|
|
|