On 04/18/2016 10:31 AM, Martin Kosek wrote: > On 04/08/2016 05:10 PM, Martin Babinsky wrote: >> Hi list, >> >> I have put together a draft [1] outlining the effort to reimplement the >> handling of Kerberos principals in both backend and frontend layers of >> FreeIPA >> so that we may have multiple aliases per user, host or service and thus >> implement stuff like https://fedorahosted.org/freeipa/ticket/3961 and >> https://fedorahosted.org/freeipa/ticket/5413 . >> >> Since much of the plumbing was already implemented,[2] the document mainly >> describes what the patches do. Some parts required by other use cases may be >> missing so please point these out. >> >> I would also be happy if you could correct all factual inacurracies, I did >> research on this issue a long time ago and my knowledge turned a bit rusty. >> >> [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases >> [2] https://www.redhat.com/archives/freeipa-devel/2015-October/msg00048.html > > Thanks! Looking on the planned API/CLI, besides the typo ("prinicpal"), I also > see that you are using the Kerberos attributes in the raw name > ("--krbprincipalname"). This is not consistent with the CLI form when they are > used in other commands: > > ... > Str('krbprincipalname?', validate_principal, > cli_name='principal', > label=_('Kerberos principal'), > default_from=lambda uid: '%s@%s' % (uid.lower(), api.env.realm), > autofill=True, > flags=['no_update'], > normalizer=lambda value: normalize_principal(value), > ), > DateTime('krbprincipalexpiration?', > cli_name='principal_expiration', > label=_('Kerberos principal expiration'), > ), > ... > > IMO, it should be rather "--principal" and "--principal-alias". > > Martin >
Bump. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
