On 13.9.2013 10:53, Martin Kosek wrote:
On 09/13/2013 10:51 AM, Jan Cholasta wrote:
On 5.9.2013 10:28, Jan Cholasta wrote:
On 3.9.2013 18:16, Dmitri Pal wrote:
On 09/02/2013 04:49 AM, Petr Spacek wrote:
It reminds me problems with key-rotation for DNSSEC.
Could we find common problems and use the same/similar solution for
both problems?
An extension for certmonger? Oddjob? Or a completely new daemon?
Certmonger already has a way to:
1) Check things periodically
2) Hand certs in different places
3) Run post op scripts
IMO it is a good candidate but I would leave it to Nalin to chime in.
I would expect more things that require periodic checking on clients
beyond certificates to come in the future, so I'm not sure if doing this
in certmonger is the right thing to do. Also, SSSD already does a
similar thing for realm domains, right?
Are you suggesting extending SSSD to handle that?
Yes.
Honza
So, does anyone have any strong opinions on this?
Not at this point. BTW, is there any reason why we cannot go the simple way and
just utilize cron and a script? Previously we just dropped conf to /etc/cron.d
for ipa-compliance script and it worked quite well.
Hmm, that's so simple it might just work. At least until there is a
better way.
Martin
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
