[Freeipa-devel] [PATCH] 0001 Provide Kerberos over HTTP (MS-KKDCP)
Christian Heimes
cheimes at redhat.com
Tue Jun 23 13:19:13 UTC 2015
On 2015-06-23 14:56, Simo Sorce wrote:
> Why are you using "#!/usr/bin/env python2.7" ?
> We do not use this idiom, as it breaks in some cases, at most in some
> sources that are v2 only we use "#!/usr/bin/python2", please change it.
Force of habit. I'm used to use /usr/bin/env in my own packages.
Otherwise the code isn't compatible with virtual envs. For FreeIPA it
makes more sense to stick to python2. I'm going to change it.
> I am not sure you should really have a completely separate
> KDCProxyInstance, if I read it right that will cause httpd to be
> restarted twice. If you put KDCProxy enablement as one step of the
> httpdinstance then you will have much less code and httpd can be
> restarted only once.
> KDCProxy in general is not a separate service so instantiating it as a
> full service seem wrong to me. IMO it should be just one of the many
> steps of the http instance.
Correct, the KDCProxyInstance restarts the HTTPD service a second time.
The instance used to do much more work. In the last patch it created a
service principal with keytab and assigned a permission to the service
principal.
With the new design, the code has been simplified so much, that it
actually makes sense to move it into HTTPInstance. It's going to take me
just a couple of minutes to remove the instance.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150623/094b5544/attachment.sig>
More information about the Freeipa-devel
mailing list