| Feature | IPA | FAS | Keystone |
|---|---|---|---|
| WSGI | Yes | Yes | Yes |
| LDAP | Yes | No | Preferred |
| HTTPD | Yes | Yes | Yes |
| Tomcat | Required for CA | Not required | Not required |
| SSH Keys | Upcoming Release | Supported | |
| Kerberos | Required | Not Supported | Not Supported |
| SQL | Not Supported | MySQL, PostgreSQL | Supported via SQLAlchemy |
| MEMCACHED | Not Supported | ? | Used for session replication |
| WebSSO | Kerberos (port blocked on many firewalls) | OpenID in beta | OpenID |
| Asterisk | Not Supported | Supported | Not Supported |
| Yubikey | Not Supported | Supported | Not Supported |
| Certificate signing | Yes, via Dogtag | Yes | Yes |
| Certificate Revocation | Yes, via Dogtag | Not Supported | Not Supported |
| OCSP | Yes, via Dogtag | Not Supported | Not Supported |
| DNS | Integrated | Not Supported (Fedora uses a non-integrated BIND installation) | Not Supported |
| HBAC | Requires SSSD client | Not Supported | Not Supported |
| SUDO | Yes (LDAP) | Not Supported | Not Supported |
| Multi tenancy | No (Single user list) | Not Supported | Yes ("Tenants") |
| Hardware Token Support | Not Supported, possible with Dogtag | Not Supported | Not Supported |
| Host Certificates | Yes (Full CA) | Yes (Limited CA) | Not Supported |
| User Certificates | Not Supported, possible with Dogtag | Generation of certs Supported | Not Supported |
| Reset of password | Supported | Supported | |
| Password Policy | Supported | Supported | |
| Password stored as | Hash | HASH | ? |
| Basic Auth | Possible, discouraged | Default | Default |
| OTP support | Host Enroll Only | Not Supported | Tokens? |

User Fields

| IPA | FAS | Keystone |
|---|---|---|
| cn | human_name | name |
| carlicense | | |
| displayname | | |
| dn | | |
| facsimiletelephonenumber | | |
| gecos | | |
| gidnumber | | tenant_id |
| givenname | | |
| homedirectory | ircnick=None | |
| initials | locale='en' | |
| ipauniqueid | longitude=None | |
| krblastpwdchange | privacy=False | |
| krbpasswordexpiration | | |
| krbprincipalname | | |
| krbpwdpolicyreference | | |
| loginshell | | |
| mail (email) multiple | email | email |
| mailing address (multiple fields) | postal_address | |
| manager | | id |
| memberof_group | | |
| memberof_roles | | tenant_roles |
| memberofindirect_group | | |
| mepmanagedentry | | |
| mobile (multiple) | | |
| nsaccountlock | status | enabled |
| pager (multiple) | | |
| sn | | |
| telephonenumber (multiple) | telephone | |
| title | | |
| uid | targetname | |
| uidnumber | | |
| userpassword | | password |
| | ssh_key | |
| | timezone | |
| | country_code | |
| | gpg_keyid | |
| | comments | |
| | latitude | |