On Wed, 2011-11-30 at 17:33 -0500, John Dennis wrote: > Comments? Suggestions? > Sorry for the late reply.
First of all, excellent write-up John, it is very comprehensive and lays down things very clearly. I agree that using ipa:ipa for memcached and wsgi would be a better proposition for us. Although we need to explore how this would affect credential caches created by mod_auth_kerb and our ability to use them, which is crucial*. You say that object sized for the stuff we will store in memcached should be limited. What is a reasonable size for those objects ? I was thinking we may want to store the krb ccaches in memcached in order to be able to keep them around. The reason I ask is that Krb ccaches can become quite big if PACs are attached to tickets although they are normally quite small. Aside for these minor details I totally agree with the direction you are proposing and I can't wait to see it implemented :) Simo. *In the long term we may even decide to stop using mod_auth_kerb and do our own handling if this simplifies things, but I guess we will need an interim transition period in any case, because we can't depend on too many changes to be done at once as a dependency to introduce sessions. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel