On 04/18/2016 10:31 AM, Martin Kosek wrote:
> On 04/08/2016 05:10 PM, Martin Babinsky wrote:
>> Hi list,
>>
>> I have put together a draft [1] outlining the effort to reimplement the
>> handling of Kerberos principals in both backend and frontend layers of 
>> FreeIPA
>> so that we may have multiple aliases per user, host or service and thus
>> implement stuff like https://fedorahosted.org/freeipa/ticket/3961 and
>> https://fedorahosted.org/freeipa/ticket/5413 .
>>
>> Since much of the plumbing was already implemented,[2] the document mainly
>> describes what the patches do. Some parts required by other use cases may be
>> missing so please point these out.
>>
>> I would also be happy if you could correct all factual inacurracies, I did
>> research on this issue a long time ago and my knowledge turned a bit rusty.
>>
>> [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases
>> [2] https://www.redhat.com/archives/freeipa-devel/2015-October/msg00048.html
> 
> Thanks! Looking on the planned API/CLI, besides the typo ("prinicpal"), I also
> see that you are using the Kerberos attributes in the raw name
> ("--krbprincipalname"). This is not consistent with the CLI form when they are
> used in other commands:
> 
> ...
>         Str('krbprincipalname?', validate_principal,
>             cli_name='principal',
>             label=_('Kerberos principal'),
>             default_from=lambda uid: '%s@%s' % (uid.lower(), api.env.realm),
>             autofill=True,
>             flags=['no_update'],
>             normalizer=lambda value: normalize_principal(value),
>         ),
>         DateTime('krbprincipalexpiration?',
>             cli_name='principal_expiration',
>             label=_('Kerberos principal expiration'),
>         ),
> ...
> 
> IMO, it should be rather "--principal" and "--principal-alias".
> 
> Martin
> 

Bump.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to