On Wed, 19 Jan 2011 12:20:25 -0500 Simo Sorce <[email protected]> wrote:
> On Wed, 19 Jan 2011 16:18:09 +0000
> JR Aquino <[email protected]> wrote:
>
> > On 1/18/11 4:02 PM, "Simo Sorce" <[email protected]> wrote:
> >
> > >We need to use authenticated ldap binds in init scripts as otherwise
> > >starting components fails when the option to restrict anonymous
> > >access to ldap is set.
> > >
> > >In order to do that we need to also start the KDC unconditionally,
> > >so it has been removed from the list of services retrieved from
> > >ldap and always started/stopped/restarted explicitly in the script.
> > >This is necessary so the script can obtain kerberos credentials to
> > >bind to ds using its keytab.
> > >
> > >Fixes ticket #795
> > >
> > >Simo.
> > >
> > >--
> > >Simo Sorce * Red Hat, Inc * New York
> > >_______________________________________________
> > >Freeipa-devel mailing list
> > >[email protected]
> > >https://www.redhat.com/mailman/listinfo/freeipa-devel
> >
> > ACK
>
> Thanks but Rich pointed me to the docs I couldn't find earlier in
> order to use SASL/EXTERNAL instead of actual credentials.
>
> So I'll hold on this patch and try to propose an alternative that
> does not require SASL/GSSAPI auth. If that will be possible and
> satisfactory I will retire this patch and propose a new one,
> otherwise I'll push this one.
>
> Simo.

Ok I am retiring this patch and sending an alternative one.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
