On 12/19/2011 03:52 PM, Simo Sorce wrote:
On Mon, 2011-12-19 at 11:49 -0500, Dmitri Pal wrote:
On 12/19/2011 11:11 AM, Ade Lee wrote:
Hi all,

Based on conversations with Adam, Simo and Rob, here are some thoughts
on $subject:
http://pki.fedoraproject.org/wiki/Merging_IPA_and_Dogtag_Databases

I'll probably add more later - like the details on how cloned instance
installation will run.

Comments are welcome.

Ade

Ade,

IPA has a notion of the system account too.
It has system account for Kerberos for example.
Those accounts are not exposed in UI and there is already a location for
them.
Have you considered this option?
We do not want to have dogtag have write permission to the IPA tree, so
it is better if dogtag has it's service users in it's own tree. We have
nothing in IPA proper that cares for those anyway as they are
application specific.

Simo.

Agreed. The general rule should be that each application gets its own Subtree.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to