[Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.
Simo Sorce
ssorce at redhat.com
Fri Oct 30 20:32:06 UTC 2009
On Fri, 2009-10-30 at 16:25 -0400, Dmitri Pal wrote:
> Simo Sorce wrote:
> > On Fri, 2009-10-30 at 15:57 -0400, Rob Crittenden wrote:
> >
> >> The message is not configurable, it just says that something is
> >> trying
> >> to modify your user preferences.
> >>
> >
> > And rightly so, this is a security warning. If it were modifiable a
> > rogue server could change the message to ask: "do you like bacon ?"
> > To which *everyone* would have to answer Yes :-)
> >
> > Simo.
> >
> >
> Modifiable by the program no, I agree. But configurable centrally on per
> server basis why not?
Dmitri, this is a message the *client* shows the user, and the job of
the client is to prevent servers to play with it ...
> I would say that it would be nice to be able to configure FF centrally to:
>
> * Automatically accept cert from IPA.
> * Have a right configuration in the preferences for kerberos
Certainly, but out of band, you can't do this from a Web Server you are
connecting to. This is a job for puppet/cfengine/etc...
> I think it all boils down to enhancements to FF.
> Let me see what I can do about it.
Nothing, you'd be asking to break a security feature of the browser ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list