Application-specific passwords / Multiple passwords for one user in FreeIPA

This thesis implements basic support for application-specific passwords in FreeIPA, which will not be usable for account management to improve security. On top of that, it proposes a scheme to implement support for more advanced access control for application-specific passwords that would enable to allow access only to a specified set of systems and services for each application-specific password. The thesis also summarizes and explains the reasons for design and implementation decisions, as well as other notable alternatives that were considered. Last but not least, it provides relevant information about key used concepts, software, and technologies.


Faculty of Informatics

Date of Completion

spring 2020



Václav Matyáš


Stanislav Láznička


Richard Kalinec