On 05/28/2015 10:02 AM, Jan Cholasta wrote:
> On 28.5.2015 at 09:45, Christian Heimes wrote:
>> On 2015-05-28 07:32, Jan Cholasta wrote:
>>> On 27.5.2015 at 16:01, Christian Heimes wrote:
>>>> On 2015-05-27 15:51, Nathaniel McCallum wrote:
>>>>> As I understand the problem, there is an assumption that an optional
>>>>> component has a distinct service to start and stop. That is not the
>>>>> case here. This is just new config for apache.
>>>> More details:
>>>> The KDC Proxy uses the same Apache instance as FreeIPA's Web GUI and
>>>> Tomcat. There is no extra service involved. The switch just decides if
>>>> https://ipa.example.org/KdcProxy acts as a MS-KKDCP end point or returns
>>>> a 404 error.
>>> FYI Tomcat does not use the same Apache instance, the Apache instance is
>>> configured to proxy requests to Tomcat.
>>> If the IPA KDC proxy package is not installed on a replica, then going
>>> to /KdcProxy will return 404, right? Why is an additional switch
>>> necessary then?
>> The python-kdcproxy package is a new dependency for the freeipa-server
>> package. It will always get installed with the server.
> Why? None of the IPA core functionality depends on it, so it should be
> optional. Also the overall trend in IPA is to have everything in subpackages.
Do not look at it as a separate component. It is mostly just a new transport
for Kerberos. FreeIPA already provides Kerberos via TCP and UDP. This is a
third transport - HTTP.