[Freeipa-devel] [PATCH] Password vault
Endi Sukma Dewata
edewata at redhat.com
Wed Jun 3 13:31:09 UTC 2015
On 6/3/2015 1:41 AM, Martin Kosek wrote:
> On 06/02/2015 11:22 PM, Alexander Bokovoy wrote:
>> On Tue, 02 Jun 2015, Endi Sukma Dewata wrote:
>>> I think ideally the
>>> client and server code should be in separate files (so they can be deployed
>>> separately too), but the framework doesn't seem to allow that.
>> This exactly the case we have to use here and we are using that in
>> trusts case as well -- some code has to run on server only and shouldn't
>> cause to install Samba related packages on the client. This is because
>> IPA client is actually using the same IPA plugins that server uses, to
>> have access to the API calls metadata and client-side callbacks are
>> defined in the same place where server-side callbacks are. It is IPA
>> framework design, so we have to use what we have.
>
> This is planned to be changed BTW, when we start with the "Thin Client" concept
> and have different code/plugins for FreeIPA server side and client side.
Is there a ticket for this?
>> In other words, it is not necessarily an evil under conditions we are
>> dealing with.
Having to use the same plugins for client and server is a framework
limitation/poor design. Having to use conditional imports to work around
the limitation is a bad programming practice. The fact that trust plugin
has to implement a similar workaround is not a justification, it just
shows that the problem is not vault-specific.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list