IPA uses Kerberos with an LDAP storage backend and some custom plugins
to help manage users and passwords.

A UI interface is provided to make user administration and self-service
possible. A set of command-line utilities that should provide the same
capabilities is in ipa-admintools.

Firefox
-------

The Gecko engine provides an interface for managing a user's configuration
in Javascript. Naturally this is highly protected and the user gets an
appropriately dire warning when you try to do this. It also requires 
signed javascript.

During installation a signing certificate is created that creates
and signs /usr/share/ipa/html/configure.jar which contains the javascript
to update the browser configuration. User's are directed to go to
/errors/preferencs.html to load this javascript and apply the changes.