Hi,

On to, 02 helmi 2017, Gorazd wrote:
Hi Fraser,

thank you for your comment.

Still doing some decision making, could anyone know if for example KeyCloak
(as identity and acces managment solution)+DogTag could have the same or
better experience (since dogtag has more features than IPA's bundeled
dogtag) than using Freeipa, what are really the benefits of FreeIPA to use
it as a system for IdM and PKI solution, is that really just that it has
integrations with RADIUS also supported, so to be also ready for the deploy
within typical enterprise environments?

FreeIPA attempts to make easier deployment of common use cases we've
seen so far. There are two limiting factors: 1) available people who can
do the work (contributions are welcome!), and 2) priorities that come
from paying customers for those teams that could contribute development
resources. In short, a software needs to be written and maintained, that
does not happens by itself.

If someone wants to use more advanced Dogtag features, they are free to
work with Dogtag and FreeIPA to contribute an integration pieces. Most
of such integration requires changes on the Dogtag side as well -- we
discovered multiple times that in order to automate/simplify/etc we have
to change on both sides, so a deeper development cooperation between
those projects was always needed (and was/is happening). Finally,
talking to Dogtag developers directly to get an advise what is possible
on their side is an option too.

Obviously, doing a joint development takes time and has to be planned
out. In some cases you might be not being able to contribute that time
or your goals are to deploy within a shorter time frame. This means your
other option could be to either use Dogtag directly or look for
alternatives.

From my perspective it is just perfectly fine to make an informed
decision to not use FreeIPA. It is also perfectly fine to consider
installing additional Dogtag components and take responsibility of
supporting a resulting deployment setup. Each situation has own
constraints and limitations which only you are aware of, not other
members of extended community. And only you can decide what amount of
effort could be put to achieve your goals.


Thank you in advance,
Gorazd



On Thu, Feb 2, 2017 at 1:11 AM, Fraser Tweedale <ftwee...@redhat.com> wrote:

On Wed, Feb 01, 2017 at 09:44:34PM +0100, Gorazd wrote:
> Hello,
>
> i am interested if there is any feature matrix available for FreeIpa
> version of dogtag packaging. So which features of DogTak are not included
> or does come with limitations when installed with Freeipa (such as OCSP
is
> already part of CA and could not be installed seperately), in contrast
when
> on uses Dogtag as a standlone software installation?
>
FreeIPA does not use the standalone OCSP responder, or the token
processing subsystems (TKS/TPS).  There is nothing preventing you
from installing them, but FreeIPA won't help you to do that, and
there is no integration.

Cheers,
Fraser

> Thank you in advance.
>
> Regards,
> Gorazd

> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to