On 12/02/2011 04:06 PM, Stephen Gallagher wrote:
1) SSSD caching instead of nscd
Winbind has its own cache. We do not want to implement the yet another one causing confusion, do we?
2) Support for multiple AD domains without trust
If needed, winbind itself should provide this functionality.
3) One-to-one mapping of identity domain to authentication domain (so you're not exposing your password to multiple authentication domains until you find the right one, as with traditional PAM).
Yes, That's true, but honestly, who is using it, is it worth the effort?I am not saying no, of course, everything has its own special use. What I think that we need is the *simplicity*. We need to have a clear and simple rules where to go if windows/ipa/... backend is needed. Most system admins see sssd as a cleverer libnss_ldap.so provider - and that is how it should stay, I believe....
Ondrej The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communicati...@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users