[Freeipa-users] Freeipa v2.
Dmitri Pal
dpal at redhat.com
Thu Jun 4 00:04:36 UTC 2009
Valent Turkovic wrote:
> On Mon, Jun 1, 2009 at 5:51 PM, Simo Sorce <ssorce at redhat.com> wrote:
>
>> On Mon, 2009-06-01 at 17:39 +0200, Valent Turkovic wrote:
>>
>>> On Mon, Jun 1, 2009 at 4:30 PM, Simo Sorce <ssorce at redhat.com> wrote:
>>>
>>>> On Sun, 2009-05-31 at 20:23 +0400, Sergei V. Kovylov wrote:
>>>>
>>>>> Hello guys.
>>>>> Glad to see that the project is under heavy development. I have several questions:
>>>>> 1. Is it still actual to produce some release/RC in May?
>>>>>
>>>> Nope, we will update the website as soon as we have new estimates, but
>>>> we are clearly slipping at least a few months.
>>>>
>>> If you don't mind my asking, what is the reason for slipping?
>>>
>> We have not yet finished all the features and the python framework
>> rewrite :-)
>>
>> I think we simply underestimated some tasks initially.
>>
>> Simo.
>>
>
> I have just one more quick question...
>
> Will IPAv2 have an implementation of replication of group policy objects?
> That is to say, the ability to make a small change, to multiple
> machines, with one setting on the server. An example of this is to
> lock down proxy settings for a browser on all machines with one
> setting on the server, or to restrict portions of the menu.
>
> Cheers.
>
>
>
We are more and more stepping away from the P of IPA as we originally
thought about it.
The P of IPA duplicates a lot of other existing projects in different
ways so we are currently evaluating our plans about policy management in
IPA.
Rather than building our own solution from scratch it makes sense to
integrate with existing solid configuration management alternatives.
How? It is the big question and we are seriously looking into it. But it is
something that will take time and a lot of investigation and coordination.
We are committed to P of IPA but our assessment showed that what we
planned might not be the right way to tackle the problem.
Audit also seems to be a much bigger undertaking than we originally
thought but we are committed to it. However audit is being developed as
an independent component.
This would allow us to deliver it on the independent schedule when it is
ready to do the basics.
For now, it seems that it would make sense to focus on things we already
know how to do and can be completed in a foreseeable future (by
September or so).
Looking at what this might mean I would say that the release would
consist of:
1) SSSD - client identity framework that allows offline authentication
functionality and provides capability to have different identity domains
including but not limited to IPA. (LDAP, NIS, etc.). This would allow
client machines to be a part of the domain and have secure channel to
server. This secure channel can/will be used for cert provisioning and
key management.
2) Server with:
a) New extensible and pluggable management framework and richer CLI/UI
b) Integrated DNS
c) Integrated NIS backward compatibility plugin (for systems that do not
understand LDAP for NSS)
d) Integrated CA with ability to issue certs or auto-renew certs on the
client
e) Some key management features (may be)
f) Host-based access control rules
g) Support of automount maps via LDAP
This is a realistic view of what IPA v2 might end up being.
We will continue on the project.
We are already looking into post IPA v2 features related to Kerberos and
Samba.
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.