[Freeipa-users] FreeIPA for Linux desktop deployment

Sigbjorn Lie sigbjorn at nixtra.com
Wed May 11 18:12:05 UTC 2011 

Excellent, thanks.

I would add to this ticket: "Retreiving the kerberos keytab and storing in the clients's
krb5.keytab", as that's my main issue, not the actual distribution of the common client
configuration files. I do this with CFengine today.

Is the nfs/* kerberos service required for all nfs4+krb clients? If so, that should be added to
the script as well.


Rgds,
Siggi



On Wed, May 11, 2011 00:24, Dmitri Pal wrote:
> On 05/10/2011 05:42 PM, Sigbjorn Lie wrote:
>
>> Hi,
>>
>>
>> I would like to see the ipa client scripts and possibly the admin
>> tools in a nice Solaris package. This would make my job a lot easier as we have a lot of
>> customers running Solaris. :)
>>
>> For the server part I agree with you, keep it at RHEL.
>>
>>
>> SSSD @ Solaris / HP-UX / AIX ... well there isn't much (if any) of the
>> UNIX vendors selling their iron as client machines anymore. And I
>> don't see a considerable benefit in adding SSSD to servers, who will be well connected to the
>> network anyway.
>>
>
>
> https://fedorahosted.org/freeipa/ticket/1214
>
>
>
>>
>>
>> Rgds,
>> Siggi
>>
>>
>>
>> On 05/10/2011 11:31 PM, Dmitri Pal wrote:
>>
>>> On 05/10/2011 05:11 PM, Steven Jones wrote:
>>>
>>>> Hi,
>>>>
>>>>
>>>> There are OSS packages that can be installed into Solaris.....so I
>>>> dont see why freeipa cant be ported....at least the x86 CPU version anyway.
>>> I think this will be a huge undertaking. It is not that simple. And is
>>> there really a value for IPA to be on Solaris? I can understand the client part but the server
>>> is less important. It is a dedicated server running on BM or VM so does it really matter what
>>> os it is running as long it is supported and affordable?
>>>
>>> We as a dev community will be open to any effort to port the whole stack
>>> to some other distribution but I bet there are better uses for someones energy that we can
>>> utilize to deliver better functionality to this user community.
>>>
>>> Client is a different issue. I tried to talk to IBM, HP and Sun a year
>>> ago. They are not interested in porting SSSD to their platforms.
>>>
>>>> Oracle/Sun may not want to do IPA but if you had ever had the
>>>> mis-fortune to try and use Oracle's IdM / OVD /OID you'd understand why few
>>>> techies/ppl/businesses want it.....its bloody awful to install let alone work with or
>>>> maintain....So its turns into a risky endeavour and no one sane wants that much risk in
>>>> their business....let alone the 6 figure costs..........and yes Im talking over a million....
>>>>
>>>>
>>>> Hopefully we are getting away from the silo attitude of
>>>> vendors.....Vendors might want only their products in a customer site, but realistically
>>>> customers dont want that for lots of reasons, and pillaging your wallet is one of the
>>>> biggest....
>>>>
>>>> In our case all that happens is we wont buy Sun kit if it doesnt
>>>> work the way we want to work....their loss.
>>>>
>>>> regards ________________________________________
>>>> From: freeipa-users-bounces at redhat.com
>>>> [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal
>>>> [dpal at redhat.com]
>>>> Sent: Wednesday, 11 May 2011 8:24 a.m.
>>>> To: freeipa-users at redhat.com
>>>> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
>>>>
>>>>
>>>> On 05/10/2011 04:10 PM, Steven Jones wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> Its quite interesting that there are no real clients for ipa
>>>>> outside of RH/Fedora....this will probably do more to delay or restrict its adoption than
>>>>> anything else.
>>>>>
>>>> Not sure what you are talking about. Any kerberos enabled service is a
>>>> service and any pam_krb5/nss_ldap or SSSD enabled system can be a client. SSSD is in Debian,
>>>> Ubuntu, SUSE, Fedora, RH
>>>> Would be nice to have it in other OSs like Solaris and HP-UX but they
>>>> have other plans.
>>>>
>>>>> regards
>>>>>
>>>>> Steven
>>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>
>
> --
> Thank you,
> Dmitri Pal
>
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>

More information about the Freeipa-users mailing list