[Freeipa-devel] Session design document
Rob Crittenden
rcritten at redhat.com
Fri Dec 2 13:22:51 UTC 2011
Simo Sorce wrote:
> On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote:
>> Comments? Suggestions?
>>
> Sorry for the late reply.
>
> First of all, excellent write-up John, it is very comprehensive and lays
> down things very clearly.
>
> I agree that using ipa:ipa for memcached and wsgi would be a better
> proposition for us. Although we need to explore how this would affect
> credential caches created by mod_auth_kerb and our ability to use them,
> which is crucial*.
The krb ccache will not be readable by ipa:ipa.
> You say that object sized for the stuff we will store in memcached
> should be limited. What is a reasonable size for those objects ?
> I was thinking we may want to store the krb ccaches in memcached in
> order to be able to keep them around. The reason I ask is that Krb
> ccaches can become quite big if PACs are attached to tickets although
> they are normally quite small.
>
> Aside for these minor details I totally agree with the direction you are
> proposing and I can't wait to see it implemented :)
Yes, seems fine to me too.
rob
More information about the Freeipa-devel
mailing list