On Mon, 08 Aug 2016, Martin Kosek wrote:
On 08/05/2016 02:57 PM, Tibor Dudlak wrote:
Hi,

I have extended my previous patch for authentication with user
certificate/smartcard. This patch includes patches and plugin described here:
http://www.freeipa.org/page/V4/External_Authentication/Setup
Page also contains steps to configure and test this feature. Once this patch is
merged and released we will simplify this page to not confuse customers.
Addressing ticket: https://fedorahosted.org/freeipa/ticket/5764

Thanks.

I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so let
me repeat my suggestion here. I still think it is premature to add plugins like
that to FreeIPA core git. We are not agreed yet how we will distribute FreeIPA
plugins, so I would not rush adding this plugin to FreeIPA core, especially
since it is very experimental and not even secure yet. FreeIPA plugin
distribution should be more thought through and discussed.

As I proposed, this plugin can now live outside of FreeIPA core git, in it's
own life cycle (maybe in freeipa-plugins github git repo we create?) so that it
can be updated without updating whole FreeIPA core. In this effort, I would
suggest to only consider updates of

* ipaserver/plugins/xmlserver.py
* ipaserver/rpcserver.py

as these would have to patched by admin deploying this feature and would be
overwritten by RPM updates. The plugin itself or server.conf can be deployed
and installed separatenly, even via other RPM.
Right. This was my thinking too when I saw the patches.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to