[Freeipa-devel] Session design document

Simo Sorce simo at redhat.com
Fri Dec 2 13:30:43 UTC 2011


On Fri, 2011-12-02 at 08:22 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote:
> >> Comments? Suggestions?
> >>
> > Sorry for the late reply.
> >
> > First of all, excellent write-up John, it is very comprehensive and lays
> > down things very clearly.
> >
> > I agree that using ipa:ipa for memcached and wsgi would be a better
> > proposition for us. Although we need to explore how this would affect
> > credential caches created by mod_auth_kerb and our ability to use them,
> > which is crucial*.
> 
> The krb ccache will not be readable by ipa:ipa.

I feared that, although maybe we can do some trick with default ACLs to
make them readable to the 'ipa' user.
Do we have the option to re-implement SPNEGO in Python and stop using
mod_auth_kerb?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



