On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote:
> Comments? Suggestions?
Sorry for the late reply.

First of all, excellent write-up John, it is very comprehensive and lays
down things very clearly.

I agree that using ipa:ipa for memcached and wsgi would be a better
proposition for us. Although we need to explore how this would affect
credential caches created by mod_auth_kerb and our ability to use them,
which is crucial*.

You say that object sized for the stuff we will store in memcached
should be limited. What is a reasonable size for those objects ?
I was thinking we may want to store the krb ccaches in memcached in
order to be able to keep them around. The reason I ask is that Krb
ccaches can become quite big if PACs are attached to tickets although
they are normally quite small.

Aside for these minor details I totally agree with the direction you are
proposing and I can't wait to see it implemented :)


*In the long term we may even decide to stop using mod_auth_kerb and do
our own handling if this simplifies things, but I guess we will need an
interim transition period in any case, because we can't depend on too
many changes to be done at once as a dependency to introduce sessions.

Simo Sorce * Red Hat, Inc * New York

Freeipa-devel mailing list

Reply via email to