[Freeipa-users] migration plan from local accounts

Dmitri Pal dpal at redhat.com
Mon Jan 9 22:50:14 UTC 2012 

On 01/09/2012 04:59 PM, Sylvain Angers wrote:
>
> >Let me know if there is anything unclear about AIX clients in
> the documentation on freeipa.org <http://freeipa.org/>.
>
> May I ask why there is a krb5 server as a requirement on a client?
>
> Thanks
>
>

Server is not a requirement on the client. And kerberos client is
optional too.
It is not a requirement but rather recommended for the best security and
SSO purposes this is why we recommend and use by default configuration.
But you can configure client to use LDAP only for authentication and
identity lookups. It would work too.


> Le 5 janv. 2012 19:50, "Simo Sorce" <simo at redhat.com
> <mailto:simo at redhat.com>> a écrit :
> >
> > On Thu, 2012-01-05 at 18:27 -0500, Sylvain Angers wrote:
> > > Hi again,
> > >
> > >
> > > by moving away from local account, to freeipa do we affect any of
> > > these numbers?:
> > >
> > >
> > > -group name length limits
> > > -group membership limits
> > >
> > >
> > > or they remain the same / as the under limit of the local os?
> > > On linux, I believe there will still be a limitation of 16 id per
> > > group, right?
> >
> > Linux has a "limitation" of 65K groups per user, and this has been true
> > for many years now.
> >
> > If you use NFS with sys auth instead of krb5 auth then you have a
> > lim
>
>     On Thu, 2012-01-05 at 18:27 -0500, Sylvain Angers wrote:
>     > Hi again,
>     >
>     >
>     > by moving away from local account, to freeipa do we affect any of
>     > these numbers?:
>     >
>     >
>     > -group name length limits
>     > -group membership limits
>     >
>     >
>     > or they remain the same / as the under limit of the local os?
>     > On linux, I believe there will still be a limitation of 16 id per
>     > group, right?
>
>     Linux has a "limitation" of 65K groups per user, and this has been
>     true
>     for many years now.
>
>     If you use NFS with sys auth instead of krb5 auth then you have a
>     limitation of 16 groups per user, but this is a protocol limitation
>     valid for all OSs, it is not a limitation of Linux. And using krb5
>     auth
>     there is no such limitation.
>     >
>     > If anyone has some past experience with AIX, feel free to share with
>     > me
>
>     We did some qualification/documentation testing on AIX a while
>     back. All
>     I can say is that AIX can work agains FreeIPA just fine, but I am
>     in no
>     way an AIX expert and the docs we have on freeipa.org
>     <http://freeipa.org> are all I can tell
>     you to use as I already forgot all the details we dicovered at the
>     time
>     we tested AIX :)
>
>     > I am really interested to ear about it
>
>     Let me know if there is anything unclear about AIX clients in the
>     documentation on freeipa.org <http://freeipa.org>.
>
>     Simo.
>
>     --
>     Simo Sorce * Red Hat, Inc * New York
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120109/642732cb/attachment.htm>

More information about the Freeipa-users mailing list