On Mon, Nov 24, 2014 at 11:04:50AM -0500, Rob Crittenden wrote:
Outback Dingo wrote:
Im curious about monkeysphere http://web.monkeysphere.info/ and how
it might compare, integrate, enhance freeipa . any thoughts, or
ideas, or is what it does basically already covered via freeipa?
There does seem to be a fair bit of overlap with the SSH key
distribituion/validation.
We attempt CA fetching in a similar way, by using a trusted mechanism to
fetch it. We use Kerberos when available.
rob
The projects have very different goals - Monkeysphere is
web-of-trust whereas FreeIPA uses centralised authentication and a
chain-of-trust PKI - so I do not see much scope for direct
integration.
Rob's point about some of the underlying mechanisms being similar is
accurate - a cross-pollination of ideas or implementations could
reduce overall effort.
Fraser
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
