[Freeipa-devel] Merging dogtag and ipa databases
Simo Sorce
simo at redhat.com
Mon Dec 19 20:52:49 UTC 2011
On Mon, 2011-12-19 at 11:49 -0500, Dmitri Pal wrote:
> On 12/19/2011 11:11 AM, Ade Lee wrote:
> > Hi all,
> >
> > Based on conversations with Adam, Simo and Rob, here are some thoughts
> > on $subject:
> > http://pki.fedoraproject.org/wiki/Merging_IPA_and_Dogtag_Databases
> >
> > I'll probably add more later - like the details on how cloned instance
> > installation will run.
> >
> > Comments are welcome.
> >
> > Ade
> >
>
> Ade,
>
> IPA has a notion of the system account too.
> It has a system account for Kerberos, for example.
> Those accounts are not exposed in UI and there is already a location for
> them.
> Have you considered this option?
We do not want to have dogtag have write permission to the IPA tree, so
it is better if dogtag has its service users in its own tree. We have
nothing in IPA proper that cares for those anyway as they are
application specific.
Simo.
--
Simo Sorce * Red Hat, Inc * New York