[Freeipa-devel] Tighter automount integration

[Colin Simpson]

Is it planned for IPA to use Kerberized GSSAPI SASL LDAPS to get the maps, now that autofs supports Kerberos authenticated LDAP for maps?

If I'm adding onto my wish list for automount points from a corporate security standpoint, eventual support for NFSv4 kerberized mounts via the automounter would be desired (IPA making this easy to setup and maintain)

It is desirable to have no non-kerberized unencrypted data on the network.

If I'm on a wish list for things to make IPA work cleanly in a corporate context applying the SSH key exchange patch is really essential (i.e so you don't have to maintain "known hosts" files across loads of machines). Plus the cascading credential support, so ticket renewal propagates to all connected SSH sessions. In the bug report for this, RH seem not too keen to include the available patches until the upstream does (even though lots of other vendors do), and the upstream doesn't seem keen for some reason. 

I'll shut up now, I'm asking for too much in one email!

Thanks

Colin


This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20081012/0c33497c/attachment.htm>