[Freeipa-devel] Management of the CS instances.

Dmitri Pal dpal at redhat.com
Fri Jun 17 22:59:50 UTC 2011


Hi,

Before we go too far with implementing the CS decoupling, here is a
stupid idea I have.

We can proceed with the plans described in tickets:
https://fedorahosted.org/freeipa/ticket/1250
https://fedorahosted.org/freeipa/ticket/1251
https://fedorahosted.org/freeipa/ticket/1252

However, what we can do is store the CS instance DM password encrypted in
the main instance.
Then the management utility (ticket 1250) would first have to fetch this
encrypted attribute from the main instance.
We would be able to define ACIs on it and use Kerberos
authentication against the main instance instead of prompting the user for
the DM password.
It is a little bit more work but a much better and more consistent user
experience and administrative model.

What do you think?

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

