<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 06/28/2013 03:28 PM, Brian Lee wrote:
<blockquote
cite="mid:CAO8cXGYmUJH9=uhuM0-Fvfa+DG6grSTmRWv0HYY9nwc4t8vmMA@mail.gmail.com"
type="cite">
<div dir="ltr">Dmitri,
<div><br>
</div>
<div>Still not clear on how we're going to be using AEGIS, but I
know integration always makes management happy. If I get
pulled into implementation with AEGIS, I'll ask less vague
questions. Just glad to know there's some opportunities there.</div>
</div>
</blockquote>
<br>
I scanned the docs on the AEGIS side in search of
LDAP/Kerberos/Authentication with 0 results. Which made me look from
a different angle.<br>
AEGIS seems to consume operating system in a preconfigured way
assuming all the identities are sorted out underneath. SSSD and IPA
do exactly that.<br>
My point is that they are on the different layers and IPA + SSSD
will provide a nice foundation but there are no direct requirements
from one to another.<br>
<br>
<blockquote
cite="mid:CAO8cXGYmUJH9=uhuM0-Fvfa+DG6grSTmRWv0HYY9nwc4t8vmMA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div>Brian</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Jun 28, 2013 at 3:03 PM, Dmitri
Pal <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5"> On 06/26/2013 11:58 AM, Brian Lee
wrote:
<blockquote type="cite">
<div dir="ltr">I would be interested in this as
well. We're utilizing AEGIS, so any integration
options or user experience would be quite helpful.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Jun 26, 2013 at
10:43 AM, KodaK <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sakodak@gmail.com"
target="_blank">sakodak@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">My manager sent this
line item to me today for his meeting with a
director over operations:
<div><br>
</div>
<div>"Discuss long term authentication of aix
and linux systems. Most likely need to
integrate with aegis"</div>
<div><br>
</div>
<div>Besides the fact that I don't know what
they mean here by "integrate" -- has anyone
done anything with AEGIS that might "fit the
description" so to speak?</div>
<div><br>
</div>
<div> A bit of background: they (the windows
folks, of which the director in question is
one) have been trying to push IPA out since
the day I put it in. I'm wondering if this
is yet another artificial barrier they're
using to attempt to justify that decision.</div>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com"
target="_blank">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
</div>
</div>
I did a quick scan of the AEGIS docs.<br>
<a moz-do-not-send="true"
href="http://mysite.verizon.net/ralph.a.smith1/aegis/howto-html/working_in_teams.html#id2535810"
target="_blank">http://mysite.verizon.net/ralph.a.smith1/aegis/howto-html/working_in_teams.html#id2535810</a><br>
<br>
General requirement is to have the same users on all
systems.<br>
This can be accomplished by using SSSD+ FreeIPA on Linux
and AIX LDAP client against FreeIPA if needed on AIX.<br>
See client configuration chapter on FreeIPA Fedora docs
and pages on FreeIPA wiki.<br>
<br>
They also mention NFS. It would be really beneficial to
use NFS4 with FreeIPA.<br>
You can find pointers to how to do this in the
presentations by Steve Dickson at Red Hat summit for the
last 2-3 years.<br>
<a moz-do-not-send="true"
href="http://rhsummit.files.wordpress.com/2013/06/dickson_t_0230_evolvingimprovingredhatenterpriselinuxnfs.pdf"
target="_blank">http://rhsummit.files.wordpress.com/2013/06/dickson_t_0230_evolvingimprovingredhatenterpriselinuxnfs.pdf</a><br>
<a moz-do-not-send="true"
href="http://rhsummit.files.wordpress.com/2012/03/dickson_the_evolution_nfs_protocol.pdf"
target="_blank">http://rhsummit.files.wordpress.com/2012/03/dickson_the_evolution_nfs_protocol.pdf</a><span
class="HOEnZb"><font color="#888888"><br>
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a moz-do-not-send="true" href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a>
</pre>
</font></span></div>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>