Time-Based Account Policies in FreeIPA


This thesis deals with the common problems when implementing account policies based on time in the user authorization process. The reader is shown how this problem is solved in some of the current systems. FreeIPA identity management project architecture is presented with the focus on its user management and user authorization policies. The SSSD project is described with aim on its connection to FreeIPA. The author creates a design for time-based account policies functionality and implements it in FreeIPA and SSSD systems.


.1 Get familiar with FreeIPA identity management project architecture, focus on user management and user authorization policies.
2. Research and evaluate existing solutions of the time-based authorization policies in open source or commercial projects.
3. Based on your findings and in agreement with your supervisor, design extensions to FreeIPA and SSSD projects to support display, manipulation and enforcing the policies, especially in different time zones.
4. Implement the design from point 3.
5. Discuss your solution, its advantages and possible improvements.


Leader: Stanislav Láznička

Location: Brno


University: Brno University of Technology
Type: Diploma Thesis
Date of Defence:
Grade: A