On 5.3.2014 23:18, Simo Sorce wrote:
Thanks for reading this far :-)
I will bikeshed this thread a little bit:
Can we use kadmin protocol instead of the proprietary LDAP control?
If I remember correctly, one of the objections was that we do not allow the admin to
read the key, but that is not true anymore ... And we have ticket delegation
capabilities, so the kadmin process can use the credentials of the requester to contact LDAP.
I really don't like ipa-getkeytab :-) It is yet another proprietary tool. I
would like to allow admins experienced with Kerberos to use normal kadmin.