{"results":[{"id":"idm-auth-requires-kerberos-ticket","text":"Authenticating to Red Hat Identity Management (IdM) requires obtaining a Kerberos ticket with `kinit` before performing any administration tasks.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-backend-389ds-ldap","text":"IdM stores identity data in a 389 Directory Server (LDAP) backend","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-complete-identity-stack","text":"IdM provides a unified identity management stack bundling 389 Directory Server (LDAP), MIT Kerberos KDC, Dogtag CA, and SSSD into a single integrated platform with centralized user/group/host/policy management.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-cross-platform-identity-provider","text":"IdM can serve as the enterprise identity provider for any Linux distribution in the data center, providing unified LDAP/Kerberos/CA/SSSD services with AD cross-forest trust integration.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-health-monitored-identity","text":"IdM provides health-monitored identity services: the complete identity stack (389 DS/Kerberos/CA/SSSD) is monitored by automated health checks via `ipa-healthcheck` with systemd timer scheduling, enabling proactive detection of certificate expiration, replication failures, and service degradation before they impact authentication.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-integrates-samba-ansible-automount","text":"Red Hat Identity Management (IdM) on RHEL 9 can integrate with Samba, Ansible, and automount as external services for centralized authentication.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-only-supported-on-rhel","text":"Red Hat Identity Management (IdM) is only officially supported on RHEL, not on other Linux distributions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"logging-tls-universal-deployment","text":"The RHEL 9 logging system role can deploy TLS-encrypted remote log transport in any environment regardless of identity infrastructure.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-audit-subsystem-integrated","text":"RHEL 9 provides a unified audit subsystem with integrated dispatcher, file watch rules, original login identity tracking via auid, dedicated service management (not systemctl), and configurable log location.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-auid-tracks-original-login-identity","text":"The `auid` (Audit UID / loginuid) is assigned at login and inherited across `su`/`sudo`, tracking the original login identity for accountability.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-auid-tracks-original-login-user","text":"The `auid` (audit UID / loginuid) is assigned at login and inherited across `su`/`sudo`, tracking the original login identity for accountability.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-authenticated-observable-security-operations","text":"RHEL 9 security operations are both identity-governed (enterprise identity ecosystem controlling access, Kerberos-gated administration, IdM vault secrets management) and continuously observable (audit subsystem with auid tracking, sos diagnostic reporting), creating an accountability chain from identity authentication through security action to audit trail.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-authenticated-security-monitoring","text":"RHEL 9 connects identity management to security monitoring: IdM provides verified user identities via Kerberos authentication, the audit subsystem tracks all privileged actions via loginuid (auid) which survives su/sudo, and system roles enable consistent security configuration across all managed hosts — creating an end-to-end chain from identity verification through action tracking to configuration enforcement.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-defense-in-depth-security-framework","text":"RHEL 9 enforces defense-in-depth through four integrated security layers: hardened defaults (SELinux enforcing, firewalld, crypto policies), granular cryptographic policy lifecycle management, layered SELinux MAC enforcement with type-based policy, and a unified audit subsystem with original-identity tracking across privilege escalation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-dual-authenticated-identity-governed-workload-lifecycle","text":"RHEL 9 workloads are governed across their full lifecycle by dual authentication (subscription for content access, Kerberos for administration) with continuous observability, from identity-authenticated provisioning (IdM/AD-enrolled systems with DNS autodiscovery) through security-governed runtime isolation (SELinux MCS, firewalld, crypto policies) — creating a closed system where no workload phase is unauthenticated, ungoverned, or unobserved.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-dual-authenticated-observable-lifecycle","text":"RHEL 9 enforces dual authentication boundaries throughout the system lifecycle: subscription authentication gates all content and patch access while identity-governed security monitoring (Kerberos-bound audit with auid tracking) ensures every administrative action is attributable.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-enterprise-identity-ecosystem","text":"RHEL 9 provides a comprehensive enterprise identity ecosystem: IdM as a unified stack (LDAP/Kerberos/CA/SSSD), Kerberos-gated administration for all management interfaces, encrypted secret storage via vaults with client-side encryption and KRA backend, and direct Active Directory integration via SSSD/realmd for hybrid environments.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-health-monitored-enterprise-identity","text":"RHEL 9 enterprise identity services are health-monitored end-to-end: the full identity ecosystem (IdM with AD cross-forest trust, Kerberos-gated administration, vault client-side encryption) is continuously verified by automated ipa-healthcheck with systemd timer scheduling, JSON output with severity grading, and failure-only filtering for operational alerting.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-identity-authenticated-infrastructure-provisioning","text":"RHEL 9 infrastructure provisioning is identity-authenticated end-to-end: the health-monitored enterprise identity ecosystem (IdM/AD with automated health checks) provides the authentication infrastructure that gates content access via subscription registration, which feeds the provisioning pipeline from Image Builder blueprints through Kickstart automation to deployed systems — with identity service health continuously verified.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-identity-bound-hardware-to-data-defense","text":"RHEL 9 defense-in-depth from hardware CPU mitigations through SELinux, firewalld, and crypto policies to LUKS2/NBDE data-at-rest protection is governed by the enterprise identity ecosystem (IdM with LDAP/Kerberos/CA, AD integration, vault secrets), ensuring that access to every security layer is identity-authenticated and that data protection decisions are centrally managed through the identity infrastructure.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":37,"limit":20,"offset":0}