{"id":2787,"date":"2026-03-26T09:54:24","date_gmt":"2026-03-26T08:54:24","guid":{"rendered":"https:\/\/yellotab.se\/x056\/?p=2787"},"modified":"2026-03-26T09:54:26","modified_gmt":"2026-03-26T08:54:26","slug":"ipa-identiteshantering","status":"publish","type":"post","link":"https:\/\/yellotab.se\/x056\/2026\/03\/26\/ipa-identiteshantering\/","title":{"rendered":"IPA identity management"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\ud83c\udfe0 How it is used in a local network<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Central login (SSO)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">You log in to all machines with the same account:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NAS (e.g. TrueNAS via LDAP)<\/li>\n\n\n\n<li>Linux servers<\/li>\n\n\n\n<li>workstations<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udc49 You get Single Sign-On via Kerberos (no new login per service).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2. Manage servers as \u201cclients\u201d<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">All machines on the network are joined to FreeIPA:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>each server gets an identity object<\/li>\n\n\n\n<li>certificates are generated automatically<\/li>\n\n\n\n<li>authentication happens centrally<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udc49 Perfect for a homelab or a federated environment.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3. 
Access control (RBAC)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">You can define:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>which users may log in to which servers<\/li>\n\n\n\n<li>which users get sudo rights<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u201cdev-team\u201d \u2192 access to dev servers<\/li>\n\n\n\n<li>\u201cstorage-admin\u201d \u2192 access to the NAS<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">4. Certificates &amp; secure communication<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">FreeIPA has a built-in CA:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>issues TLS certificates to services<\/li>\n\n\n\n<li>used for mTLS (you mentioned this in your FrejaID setup)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udc49 Very relevant to your idea of secure identity + federation.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">5. DNS integration<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">FreeIPA can act as a DNS server:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>automatically register machines<\/li>\n\n\n\n<li>names such as\u00a0<code class=\"\" data-line=\"\">nas.local<\/code>,\u00a0<code class=\"\" data-line=\"\">auth.jidoka.se<\/code><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">6. Integration with other systems<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSH (key management)<\/li>\n\n\n\n<li>sudo policies<\/li>\n\n\n\n<li>web apps via LDAP\/Kerberos<\/li>\n\n\n\n<li>can be connected to e.g. WordPress (you work with that, after all)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\ud83c\udfe0 How it is used in a local network 1. 
Central login (SSO) You log in to all machines with the same account: \ud83d\udc49 You get Single Sign-On via Kerberos (no new login per service). 2. Manage servers as \u201cclients\u201d All machines on the network are joined to FreeIPA: \ud83d\udc49 Perfect for a homelab or a federated environment. 3. [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[30],"tags":[39],"class_list":["post-2787","post","type-post","status-publish","format-standard","hentry","category-sakerhet","tag-identitet"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts\/2787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/comments?post=2787"}],"version-history":[{"count":1,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts\/2787\/revisions"}],"predecessor-version":[{"id":2788,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts\/2787\/revisions\/2788"}],"wp:attachment":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/media?parent=2787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/categories?post=2787"},{"taxonomy":"post_tag","embeddable":true,"href":"htt
ps:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/tags?post=2787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}