[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Jan Cholasta
jcholast at redhat.com
Thu May 28 08:02:12 UTC 2015
Dne 28.5.2015 v 09:45 Christian Heimes napsal(a):
> On 2015-05-28 07:32, Jan Cholasta wrote:
>> Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
>>> On 2015-05-27 15:51, Nathaniel McCallum wrote:
>>>> As I understand the problem, there is an assumption that an optional
>>>> component has a distinct service to start and stop. That is not the
>>>> case here. This is just new config for apache.
>>>
>>> More details:
>>>
>>> The KDC Proxy uses the same Apache instance as FreeIPAs Web GUI and
>>> Tomcat. There is no extra service involved. The switch just decides if
>>> https://ipa.example.org/KdcProxy acts as a MS-KKDCP end point or returns
>>> a 404 error.
>>
>> FYI Tomcat does not use the same Apache instance, the Apache instance is
>> configured to proxy requests to Tomcat.
>>
>> If the IPA KDC proxy package is not installed on a replica, then going
>> to /KdcProxy will return 404, right? Why is an additional switch
>> necessary then?
>
> The python-kdcproxy package is a new dependency for the freeipa-server
> package. It will always get installed with the server.
Why? None of the IPA core functionality depends on it, so it should be
optional. Also the overall trend in IPA is to have everything in
subpackages.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list