On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote:
> Comments? Suggestions?
> 
Sorry for the late reply.

First of all, excellent write-up John, it is very comprehensive and lays
down things very clearly.

I agree that using ipa:ipa for memcached and wsgi would be a better
proposition for us. Although we need to explore how this would affect
credential caches created by mod_auth_kerb and our ability to use them,
which is crucial*.

You say that object sized for the stuff we will store in memcached
should be limited. What is a reasonable size for those objects ?
I was thinking we may want to store the krb ccaches in memcached in
order to be able to keep them around. The reason I ask is that Krb
ccaches can become quite big if PACs are attached to tickets although
they are normally quite small.

Aside for these minor details I totally agree with the direction you are
proposing and I can't wait to see it implemented :)


Simo.


*In the long term we may even decide to stop using mod_auth_kerb and do
our own handling if this simplifies things, but I guess we will need an
interim transition period in any case, because we can't depend on too
many changes to be done at once as a dependency to introduce sessions.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to