[Freeipa-devel] things to be stored
Simo Sorce
ssorce at redhat.com
Fri Nov 2 17:54:04 UTC 2007
On Fri, 2007-11-02 at 13:11 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > The server itslef accepts anonymous connections, so we have 2 options I
> > guess:
> > 1) let's permit anonymous searches on the IPA GUI conf container
> > 2) let's give turbogear a keytab (it can probably just use the apache
> > keytab anyway) to access this information.
>
> We don't want any special sauce that only our web-gui can use. Every
> interface needs to be public if at all possible (so others can dump our
> GUI if they want and have the same capabilities).
Not proposing any special sauce here, this should be available to all as
you say..
> And for a little more info.
>
> If we have an unauthenticated URI it means I'll need to make another
> XML-RPC listener. Not a huge deal but it will be some work.
I guess you can use the apache keytab when needed then.
> If this stuff is only read on start-up it means that web interface needs
> to be restarted when changes are made. Is it acceptable to simply
> retrieve this each time?
It depends what it means each time.
Any chance we can do a time based caching? Retrieve it every 5 minutes
or so if there are requests? Does it make any simpler ?
Simo.
More information about the Freeipa-devel
mailing list