On 04/19/2014 07:46 PM, Nordgren, Bryce L -FS wrote:
I've run out of time for today, but the external collaboration pages
are slowly evolving.
http://www.freeipa.org/page/External_Users_in_IPA
Dimitri observed that my RFE page was too long. I observe it also has
too much stuff unrelated to the actual meat of the RFE. So I factored
out most of the Kerberos stuff into a different page. I also tried to
focus the RFE to just creating entries in LDAP for external users so
they can: a] participate in POSIX groups; and b] have locally-defined
POSIX attributes.
http://www.freeipa.org/page/Collaboration_with_Kerberos
This is where all the Kerberos stuff went. I also added in "Option A"
from Petr's email. Option B will come along later, when I pick this up
again. Mechanism three has more to do with Ipsilon than IPA, and basic
functions required of the Ipsilon gateway server are articulated there
(regardless of the particular authentication method.)
Send comments to the list. I really appreciate Option A! Send more
stuff I didn't think of.
Last week was Red Hat summit. Things piled up. I will try to get to
these pages by the end of the week.
Bryce
This electronic message contains information generated by the USDA
solely for the intended recipients. Any unauthorized interception of
this message or the use or disclosure of the information it contains
may violate the law and subject the violator to civil or criminal
penalties. If you believe you have received this message in error,
please notify the sender and delete the email immediately.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
