<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 01/09/2012 04:59 PM, Sylvain Angers wrote:
<blockquote
cite="mid:CABn0HjuLjmxzoPBs5p1sQPmntKyLNc=AVDU7cuikUkJi2vN6sQ@mail.gmail.com"
type="cite">
<p>>Let me know if there is anything unclear about AIX clients
in the documentation on <a moz-do-not-send="true"
href="http://freeipa.org/" target="_blank">freeipa.org</a>.</p>
<p>May I ask why there is a krb5 server as a requirement on a
client?</p>
<p>Thanks</p>
<br class="Apple-interchange-newline">
</blockquote>
<br>
Server is not a requirement on the client. And kerberos client is
optional too.<br>
It is not a requirement but rather recommended for the best security
and SSO purposes this is why we recommend and use by default
configuration.<br>
But you can configure client to use LDAP only for authentication and
identity lookups. It would work too.<br>
<br>
<br>
<blockquote
cite="mid:CABn0HjuLjmxzoPBs5p1sQPmntKyLNc=AVDU7cuikUkJi2vN6sQ@mail.gmail.com"
type="cite">
<p>
Le 5 janv. 2012 19:50, "Simo Sorce" <<a
moz-do-not-send="true" href="mailto:simo@redhat.com"
target="_blank">simo@redhat.com</a>> a écrit :<br>
><br>
> On Thu, 2012-01-05 at 18:27 -0500, Sylvain Angers wrote:<br>
> > Hi again,<br>
> ><br>
> ><br>
> > by moving away from local account, to freeipa do we
affect any of<br>
> > these numbers?:<br>
> ><br>
> ><br>
> > -group name length limits<br>
> > -group membership limits<br>
> ><br>
> ><br>
> > or they remain the same / as the under limit of the
local os?<br>
> > On linux, I believe there will still be a limitation
of 16 id per<br>
> > group, right?<br>
><br>
> Linux has a "limitation" of 65K groups per user, and this
has been true<br>
> for many years now.<br>
><br>
> If you use NFS with sys auth instead of krb5 auth then you
have a<br>
> lim</p>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex;
border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">On
Thu, 2012-01-05 at 18:27 -0500, Sylvain Angers wrote:<br>
> Hi again,<br>
><br>
><br>
> by moving away from local account, to freeipa do we affect
any of<br>
> these numbers?:<br>
><br>
><br>
> -group name length limits<br>
> -group membership limits<br>
><br>
><br>
> or they remain the same / as the under limit of the local
os?<br>
> On linux, I believe there will still be a limitation of 16
id per<br>
> group, right?<br>
<br>
Linux has a "limitation" of 65K groups per user, and this has
been true<br>
for many years now.<br>
<br>
If you use NFS with sys auth instead of krb5 auth then you have
a<br>
limitation of 16 groups per user, but this is a protocol
limitation<br>
valid for all OSs, it is not a limitation of Linux. And using
krb5 auth<br>
there is no such limitation.<br>
><br>
> If anyone has some past experience with AIX, feel free to
share with<br>
> me<br>
<br>
We did some qualification/documentation testing on AIX a while
back. All<br>
I can say is that AIX can work agains FreeIPA just fine, but I
am in no<br>
way an AIX expert and the docs we have on <a
moz-do-not-send="true" href="http://freeipa.org"
target="_blank">freeipa.org</a> are all I can tell<br>
you to use as I already forgot all the details we dicovered at
the time<br>
we tested AIX :)<br>
<br>
> I am really interested to ear about it<br>
<br>
Let me know if there is anything unclear about AIX clients in
the<br>
documentation on <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">freeipa.org</a>.<br>
<br>
Simo.<br>
<br>
--<br>
Simo Sorce * Red Hat, Inc * New York<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>