[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Christian Heimes
cheimes at redhat.com
Fri May 22 12:27:04 UTC 2015
On 2015-05-22 14:02, Petr Vobornik wrote:
> Actually the service part of "IPA servers" is not covered in the
> proposal. The proposal just says that it can be added later.
>
> There will be question if it should even be called "services". Maybe
> capabilities would be better term given that KDC Proxy is not a
> standalone service.
It's an implementation detail. KDC Proxy shares the Apache HTTP with
webui because it is the simplest way. We don't have to create another
certificate and an additional principal. However in the future that may
change. For high traffic sites a separation of webui and KDC proxy may
make sense. The KKDCP WSGI app has different tuning requirements than webui.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150522/a3684a19/attachment.sig>
More information about the Freeipa-devel
mailing list