On Mon, Nov 24, 2014 at 11:04:50AM -0500, Rob Crittenden wrote:
> Outback Dingo wrote:
> > Im curious about monkeysphere http://web.monkeysphere.info/ and how
> > it might compare, integrate, enhance freeipa . any thoughts, or
> > ideas, or is what it does basically already covered via freeipa?
> >
> >
>
> There does seem to be a fair bit of overlap with the SSH key
> distribituion/validation.
>
> We attempt CA fetching in a similar way, by using a trusted mechanism to
> fetch it. We use Kerberos when available.
>
> rob
>
The projects have very different goals - Monkeysphere is
web-of-trust whereas FreeIPA uses centralised authentication and a
chain-of-trust PKI - so I do not see much scope for direct
integration.
Rob's point about some of the underlying mechanisms being similar is
accurate - a cross-pollination of ideas or implementations could
reduce overall effort.
Fraser
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project