[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Christian Heimes
cheimes at redhat.com
Wed May 27 13:34:16 UTC 2015
On 2015-05-27 14:47, Petr Vobornik wrote:
> Install/uninstall is not the same thing as enable/disable. Installation
> is a set of steps which first configures and then (optionally) enables
> the component.
>
> E.g:
> 1. modify configuration file(s), ldap entries
> 2. run something which starts the component. E.g. `systemctl start xxx`,
> an ldap change which is being observed (like topology plugin).
>
> The only rationale for external tool is to do stuff which can't be done
> trough API. E.g. restart of httpd.service or a need of Directory
> Manager. But in that case the tool should be:
>
> ipa-kdcproxy-manage enable|disable
Right, the restart of httpd.service isn't handled by ipa config-mod. A
tool like ipa-kdcproxy-manage could handle the restart on a local
machine. As far as I know it won't be able to restart httpd on all
replicas, too.
My current implementation needs a restart of all Apache servers on all
machines, that run a kdc proxy instance.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150527/de0582c2/attachment.sig>
More information about the Freeipa-devel
mailing list