On 11/27/2015 01:39 PM, Jan Cholasta wrote:
On 27.11.2015 13:10, Petr Vobornik wrote:
On 11/27/2015 12:46 PM, Petr Spacek wrote:
On 27.11.2015 09:00, Jan Cholasta wrote:
On 27.11.2015 08:33, Martin Kosek wrote:
On 11/27/2015 07:05 AM, Jan Cholasta wrote:
On 26.11.2015 17:15, Petr Vobornik wrote:
New topology management gives names to managed suffixes:
ipaca: o=ipaca
realm: dc=example,dc=com
We already had several offline discussions to change the names
because
they could be better. It would be difficult to change them after
release
of 4.3.
New proposals:
ca for o=ipaca
domain for dc=example,dc=com
What do you think?
+1
ca is probably fine. Domain also, although the original realm name
is OK
with me too, domain has too many meanings and can be confused with DNS
domain.
Realm is too Kerberos-specific. The names are visible only in topology
context, so I don't think it would be confusing. When you say "the
domain
suffix", it describes the suffix pretty correctly IMHO.
Here I agree with Martin that domain is too overloaded term, so I
would prefer
realm or so.
Also, I do not think that 'Realm is too Kerberos-specific' is a valid
argument
because 'domain is too DNS-centric' :-)
I guess we could find arguments for both 'domain' and 'realm'. :) I
don't have strong opinions on any.
Actually, DN of the suffix consist of several 'DC' RDNs. DC is an
initialism of "domain component". Several components create a domain so
domain is correct ;)
"Domain" is also used by AD and in our documentation IIRC.
We also have "domain levels" and not "realm levels" and IPA domain level
has very little to do with DNS.
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
