[Freeipa-devel] WIP: ipa trust command
Alexander Bokovoy
abokovoy at redhat.com
Mon Dec 12 20:24:48 UTC 2011
On Mon, 12 Dec 2011, Rob Crittenden wrote:
> Alexander Bokovoy wrote:
> >Hi,
> >
> >I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts
> >management CLI and GUI. It is quite apparent that most of management
> >commands will be similar to all future trust types (AD, IPA, etc),
> >thus, it makes sense to develop a generalized `ipa trust' family of
> >commands that would apply to all types of trusts.
> >
> >Let's start with CLI. Below is a first cut at how I see trust
> >management command line interface. Comments, corrections, and critique
> >are all welcomed.
> >
> >One of FreeIPA v3.0 major features will be support for cross-realm
> >trusts with the emphasis on trusts to Active Directory domains. This
> >documents attempts to design a common interface for managing trusts
> >with FreeIPA tools (command line and GUI).
> >
> >`ipa trust'
> >===========
> >
> >`ipa trust' is a common family of operations on trusts. Trusts can be:
> > * created (ipa trust-add)
> > * listed (ipa trust-find)
> > * viewed (ipa trust-show)
> > * removed (ipa trust-del)
> modified?
What can me modify once trust is established? I was unsure in it and
decided removing trust and re-creating is simpler.
> ipa-adtrust-install runs as root and needs to do things that the IPA
> server can't do.
Not really -- see my answer to Simo.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list