Hi,

I will ask....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Thursday, 26 July 2012 12:28 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] winsync msi

On 07/25/2012 06:11 PM, Steven Jones wrote:
> Hi,
>
>  From a RH support case as I dont have access to the RDS channel.

We just updated the RHEL 6.3 downloads to have the RedHat-PassSync .msi
files.

>
> No, its doesn't allay my Windows and security ppls concerns....

I was speaking specifically about your original concerns:

"No not specific developers but some sort of statement of ownership from
RedHat I suppose. So they are I assume looking for some sort of
confidence that it wont trash AD and if I install it and it does trash
our AD some liability."

Does the fact that you are now getting a Red Hat branded binary from an
official Red Hat download site allay these particular fears?

>
> http://port389.org/wiki/Download
>
> "This is an Active Directory "plug-in" that intercepts password changes made 
> to AD and sends the clear text password to 389 DS to keep the passwords in 
> sync (when using the Windows Sync feature of 389 DS).
>
> Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. "

"This is an Active Directory "plug-in" that intercepts password changes
made to AD Domain Controllers and sends the clear text password over an
encrypted connection (SSL/TLS) to 389 DS to keep the passwords in sync.
It works in conjunction with the Windows Sync feature of 389. You must
install this on every Domain Controller. "

Better?

>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rich Megginson [rmegg...@redhat.com]
> Sent: Thursday, 26 July 2012 11:59 a.m.
> To: Steven Jones
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] winsync msi
>
> On 07/25/2012 02:41 PM, Steven Jones wrote:
>> Hi,
>>
>> Ah ok, I have the "official" one.
>    From where did you get it?  And does it allay your concerns?
>
>> One thing on the free site, it says the password is transmitted as clear 
>> text, no mention of over an encrypted secure channel....the security guys 
>> had a fit.....so if you update that web page it would help the cause.
> Which page is that?  The Howto:WindowsSync?
>
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: Rich Megginson [rmegg...@redhat.com]
>> Sent: Thursday, 26 July 2012 1:58 a.m.
>> To: Steven Jones
>> Cc: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] winsync msi
>>
>> On 07/24/2012 03:15 PM, Steven Jones wrote:
>>> Hi Rich,
>>>
>>> I can appreciate what you are saying, but....
>>>
>>> Not on Windows but specifically AD, the very core of our 21,000+ user base, 
>>> that makes such an add on significant and gets focus. What we have seen 
>>> with another similar (yes, commercial) MSI was a clash with another MSI 
>>> added to AD, the result was not pretty....hence the Windows ppl are very 
>>> careful when something like this is proposed.
>>>
>>> So actually some sites where this has been installed commercially would be 
>>> good, if need be I can raise a call to RH support? or RH NZ rep to get that 
>>> info in confidence / NDA.
>>>
>>> IPA like AD is not just another application, its at the very centre of 
>>> everything. For us it will be the second or third most important system we 
>>> have.  It will probably connect us to ppl across the world and them to us 
>>> (via federation/shibboleth) let alone our internal user base.
>>>
>>> Lets see if I can show this, so 99.9% uptime on an application is 9 hours 
>>> off line per year.....per user.....say 100 users?
>>>
>>> So 1 hour off line in a business day with 21,000+ users.....21,000 hours 
>>> lost plus all the meetings on why and how to make sure it wont happen 
>>> again.  If we were down for say a day or two....it would be in the IT if 
>>> not National papers....(yes OK NZ is small)....I think my new occupation 
>>> and some of the managers would be....road sweeping.....this makes them very 
>>> risk adverse.
>>>
>>> Crazy thing of course is, yes IPA is free.......
>>>
>>> ;]
>>>
>>> I can appreciate things seem very strange in that context.  Consider that 
>>> its taken me 7 years to go from being employed specifically long enough to 
>>> get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 
>>> 100 RHEL servers with most of the mission critical things on them.....all 
>>> down to the quality of open source really......proof is in the 
>>> eating....its proven very tasty......
>> Ok.  If you are a Red Hat paying customer, you should get the
>> RedHat-PassSync .msi from an official Red Hat channel.  We are working
>> on addressing this issue.
>>> :)
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> ________________________________________
>>> From: Rich Megginson [rmegg...@redhat.com]
>>> Sent: Wednesday, 25 July 2012 2:54 a.m.
>>> To: Steven Jones
>>> Cc: freeipa-users@redhat.com
>>> Subject: Re: [Freeipa-users] winsync msi
>>>
>>> On 07/23/2012 06:32 PM, Steven Jones wrote:
>>>> Hi,
>>>>
>>>> No not specific developers but some sort of statement of ownership from 
>>>> RedHat I suppose. So they are I assume looking for some sort of confidence 
>>>> that it wont trash AD and if I install it and it does trash our AD some 
>>>> liability.
>>> Can you point me at another open source project that provides Windows
>>> binaries that provides some sort of guarantee or statement or
>>> documentation like this?  I'd like to see what other projects do and
>>> provide something similar.
>>>
>>> Or is this the first (and only?) time anyone in your organization has
>>> ever installed any open source software on Windows?
>>>
>>>> regards
>>>>
>>>> Steven Jones
>>>>
>>>> Technical Specialist - Linux RHCE
>>>>
>>>> Victoria University, Wellington, NZ
>>>>
>>>> 0064 4 463 6272
>>>>
>>>> ________________________________________
>>>> From: Rich Megginson [rmegg...@redhat.com]
>>>> Sent: Tuesday, 24 July 2012 12:11 p.m.
>>>> To: Steven Jones
>>>> Cc: freeipa-users@redhat.com
>>>> Subject: Re: [Freeipa-users] winsync msi
>>>>
>>>> On 07/23/2012 05:38 PM, Steven Jones wrote:
>>>>> Hi,
>>>>>
>>>>> For the winsync agreement my Windows and security teams want to know its 
>>>>> details,
>>>>>
>>>>> eg who wrote it,
>>>> Red Hat - do you need to know the names of the developers?
>>>>
>>>>> it is Microsoft certified etc.
>>>> Not that I know of - how would one go about doing that?
>>>>> Where will I find such info?
>>>>>
>>>>> All I have is
>>>>>
>>>>> http://port389.org/wiki/Download
>>>>>
>>>>> Which doesn't tell me much.
>>>> There is more info in the actual .msi file.
>>>>> regards
>>>>>
>>>>> Steven Jones
>>>>>
>>>>> Technical Specialist - Linux RHCE
>>>>>
>>>>> Victoria University, Wellington, NZ
>>>>>
>>>>> 0064 4 463 6272
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users@redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to