> On 24 Jan 2018, at 15:17, Rob Crittenden <rcrit...@redhat.com 
> <mailto:rcrit...@redhat.com>> wrote:
> This is great feedback, thanks.
> You might be able to get away with an IPA client in this case. sssd will
> cache credentials. This wouldn't cover the case where someone hasn't
> used the door yet, power goes off, and they need to open it though.

Yes, that is the backup plan in case I can’t get the replica to work with the 
very limited amount of RAM I have (either 256 or 512 MB). It’s a fun project 
for my hackerspace so the cost of failure is not that high.

> I suspect that running without a CA is much more viable, but 389-ds can
> be resource-intesive as well depending on how many entries you have.

I’m expecting we won’t have more than 150 users, so it shouldn’t be that big of 
a problem.

Aljaž Srebrnič a.k.a g5pw
My public key:  https://g5pw.me/key <https://g5pw.me/key>
Key fingerprint = 2109 8131 60CA 01AF 75EC  01BF E140 E1EE A54E E677

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to