[Freeipa-devel] [PROPOSAL] Kerberos flags

Sumit Bose sbose at redhat.com
Fri Mar 8 09:27:46 UTC 2013 

On Thu, Mar 07, 2013 at 03:15:18PM -0500, Rob Crittenden wrote:
> Based on a comment from Sumit in ticket
> https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline
> of how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
> 
> There is a bit of hand waving going on around how the flags are
> actually set inside the KDB plugin since I'm not at all familiar
> with that code but I don't expect it to be too big a deal.
> 
> I'm not necessarily volunteering to do this work, just trying to
> keep the ball moving forward.

Thank you for setting up the design page. I would like to suggest that
we should try to include all currently available flags in one run,
because:
- some flags related to OTP would be needed as well
- it is only a minor increase the development effort
- it is only a minor increase in the QE effort. Instead of doing
  * set/unset flag in CLI/WebUI
  * check with kdamin.local if the flag is in the expected state
  for a single attribute it has to be done for a list of attributes
  (maybe the steps can be added to a new 'How to test' section on the
  design page)
- it will help to find a good solution how to handle the flags in the
  CLI/WebUI

I think the last point is important because the flags are needed for all
Kerberos principals, i.e. users, hosts and services. Instead of adding a
list of new options/check boxes to each of the CLI commands/WebUI pages
it might be more helpful to handle the flags separately. The CLI can get
a new command class, e.g. krbflags. In the WebUI the Kerberos flags can be
shown and modified in a separate tab, I hope this will allow to use a
common template to users, hosts and services. These are only rough ideas
and suggestions, my point is that if we not only add a single flag but
about 15 it might be easier to find a good and usable interface to
modify them.

bye,
Sumit

> 
> rob
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

More information about the Freeipa-devel mailing list