[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Christian Heimes
cheimes at redhat.com
Wed May 27 14:06:16 UTC 2015
On 2015-05-27 15:41, Petr Vobornik wrote:
> It would be great to have a privileged daemon which could observed
> replicated configuration and perform such tasks on all servers so we
> would eliminate manual tasks(and errors and misconceptions which are
> caused by forgotten manual tasks) as much as possible.
We don't need a separate daemon, we already have an HTTP interface. A
reload interface can be implemented with an additional route, e.g. GET
/KdcProxy/refresh. It needs a bit of extra work in kdcproxy,
kdcproxyshim.py and an ACL for the route.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150527/0bec2674/attachment.sig>
More information about the Freeipa-devel
mailing list