On Mon, 2011-12-19 at 11:49 -0500, Dmitri Pal wrote:
> On 12/19/2011 11:11 AM, Ade Lee wrote:
> > Hi all,
> > Based on conversations with Adam, Simo and Rob, here are some thoughts
> > on $subject:
> > http://pki.fedoraproject.org/wiki/Merging_IPA_and_Dogtag_Databases
> > I'll probably add more later - like the details on how cloned instance
> > installation will run.
> > Comments are welcome.
> > Ade
> IPA has a notion of the system account too.
> It has system account for Kerberos for example.
> Those accounts are not exposed in UI and there is already a location for
> Have you considered this option?
We do not want to have dogtag have write permission to the IPA tree, so
it is better if dogtag has it's service users in it's own tree. We have
nothing in IPA proper that cares for those anyway as they are
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list