I've run out of time for today, but the external collaboration pages are slowly 
evolving.


http://www.freeipa.org/page/External_Users_in_IPA

Dimitri observed that my RFE page was too long. I observe it also has too much 
stuff unrelated to the actual meat of the RFE. So I factored out most of the 
Kerberos stuff into a different page. I also tried to focus the RFE to just 
creating entries in LDAP for external users so they can: a] participate in 
POSIX groups; and b] have locally-defined POSIX attributes.

http://www.freeipa.org/page/Collaboration_with_Kerberos

This is where all the Kerberos stuff went. I also added  in "Option A" from 
Petr's email. Option B will come along later, when I pick this up again. 
Mechanism three has more to do with Ipsilon than IPA, and basic functions 
required of the Ipsilon gateway server are articulated there (regardless of the 
particular authentication method.)

Send comments to the list. I really appreciate Option A! Send more stuff I 
didn't think of.

Bryce




This electronic message contains information generated by the USDA solely for 
the intended recipients. Any unauthorized interception of this message or the 
use or disclosure of the information it contains may violate the law and 
subject the violator to civil or criminal penalties. If you believe you have 
received this message in error, please notify the sender and delete the email 
immediately.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to