On 03/29/2014 08:54 AM, Stijn De Weirdt wrote:
hi all,
IMO we should not treat the OTP we set for the host enrollment as a
Kerberos password.
I would rather record a time of the creation and validity period when
the password is set in two new attributes. The validity period should be
optional
On Sun, 30 Mar 2014, Nordgren, Bryce L -FS wrote:
Hey guys,
Back again. Thanks for your responses so far.
OTP is interesting, but requires that an account be created in the
local domain, which is kind of opposed to the notion of federated
identities.
Ipsilon is also interesting, from its
I think it does not really differ from what I described, conceptually.
It is, however, requiring much more work than what I described.
FreeIPA has flat LDAP DIT. Adding support for separate OUs is in itself a non-
trivial task.
Ah. Well since that's the case, separate OUs are gone. (You may
On 03/30/2014 03:14 PM, Nordgren, Bryce L -FS wrote:
I think it does not really differ from what I described, conceptually.
It is, however, requiring much more work than what I described.
FreeIPA has flat LDAP DIT. Adding support for separate OUs is in itself a non-
trivial task.
Ah. Well