[Freeipa-devel] Session design document
Simo Sorce
simo at redhat.com
Fri Dec 2 02:55:37 UTC 2011
On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote:
> Comments? Suggestions?
>
Sorry for the late reply.
First of all, excellent write-up John, it is very comprehensive and lays
down things very clearly.
I agree that using ipa:ipa for memcached and wsgi would be a better
proposition for us. Although we need to explore how this would affect
credential caches created by mod_auth_kerb and our ability to use them,
which is crucial*.
You say that object sized for the stuff we will store in memcached
should be limited. What is a reasonable size for those objects ?
I was thinking we may want to store the krb ccaches in memcached in
order to be able to keep them around. The reason I ask is that Krb
ccaches can become quite big if PACs are attached to tickets although
they are normally quite small.
Aside for these minor details I totally agree with the direction you are
proposing and I can't wait to see it implemented :)
Simo.
*In the long term we may even decide to stop using mod_auth_kerb and do
our own handling if this simplifies things, but I guess we will need an
interim transition period in any case, because we can't depend on too
many changes to be done at once as a dependency to introduce sessions.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list