[Freeipa-devel] [PATCH] 0002 Added support for authentication with user certificate
Martin Kosek
mkosek at redhat.com
Mon Aug 8 10:52:33 UTC 2016
On 08/05/2016 02:57 PM, Tibor Dudlak wrote:
> Hi,
>
> I have extended my previous patch for authentication with user
> certificate/smartcard. This patch includes patches and plugin described here:
> http://www.freeipa.org/page/V4/External_Authentication/Setup
> Page also contains steps to configure and test this feature. Once this patch is
> merged and released we will simplify this page to not confuse customers.
> Addressing ticket: https://fedorahosted.org/freeipa/ticket/5764
>
> Thanks.
I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so let
me repeat my suggestion here. I still think it is premature to add plugins like
that to FreeIPA core git. We are not agreed yet how we will distribute FreeIPA
plugins, so I would not rush adding this plugin to FreeIPA core, especially
since it is very experimental and not even secure yet. FreeIPA plugin
distribution should be more thought through and discussed.
As I proposed, this plugin can now live outside of FreeIPA core git, in it's
own life cycle (maybe in freeipa-plugins github git repo we create?) so that it
can be updated without updating whole FreeIPA core. In this effort, I would
suggest to only consider updates of
* ipaserver/plugins/xmlserver.py
* ipaserver/rpcserver.py
as these would have to patched by admin deploying this feature and would be
overwritten by RPM updates. The plugin itself or server.conf can be deployed
and installed separatenly, even via other RPM.
Martin
More information about the Freeipa-devel
mailing list