[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Jan Cholasta
jcholast at redhat.com
Wed May 27 13:47:31 UTC 2015
Dne 27.5.2015 v 15:43 Simo Sorce napsal(a):
> On Wed, 2015-05-27 at 13:57 +0200, Jan Cholasta wrote:
>>>>
>>>> ipa config-mod --enable-kdcproxy=TRUE
>>>> ipa config-mod --enable-kdcproxy=FALSE
>>
>> I don't like this approach, as it is completely inconsistent with
>> every
>> other optional component. There should be *one* way to handle them
>> and
>> there already is one, no need to reinvent the wheel.
>
> Sorry Jan, but this is really the correct approach.
I don't think so.
>
> We want a boolean in LDAP to control whether the IPA Domain allows
> proxying or not, the code is embedded in the overall framework and has
> no need for explicit install/uninstall unlike the CA or DNS components.
There is a boolean for every other component/service as well. If you
want to add new API to manipulate the boolean, fine, but it should be
done in a generic way that works for other components as well.
>
> Simo.
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list