[Freeipa-devel] Summary of the 1204 ticket design

Dmitri Pal dpal at redhat.com
Mon Jun 6 23:23:44 UTC 2011


Hello,

https://fedorahosted.org/freeipa/ticket/1204

I had an action item to define in more detail the design for this
ticket based on the design threads that we had in the past.
For more details see the thread called: [Freeipa-devel] Summary of Session
discussion

Several things have been looked at together and we decided that we want to
introduce a server-side session object to be able to reduce the number of
Kerberos re-negotiations.

Ticket 1204 covers only the problem of the IPA framework requesting a
ticket to access the LDAP service per request.
For that we need:
1) Check that python-krbV supports a way of sticking a ticket into
the credential cache
2) On any incoming request try to get the cached ticket from the cred cache.
If it is there and not expired, use it. If it is expired, drop it.
3) If there is no valid ticket, acquire it and add it to the cache

The other part that is not covered in ticket 1204 is related to
using cookies for the XML-RPC client and browser.
These are tickets 215 (https://fedorahosted.org/freeipa/ticket/215) and
225 (https://fedorahosted.org/freeipa/ticket/225).
These are not planned for IPA 2.1 at the moment. If we see that it makes
sense to bring them in, let me know, but our plate is full enough.

However, it makes sense to mention that the idea about ticket 225 is
similar to the one for 1204.
The client will follow the same logic except that it will use the cookie
issued by the server and stick the cookie into the credential cache on
the client.
As far as I understand there is no need to have anything stored on the
server to match this cookie, right?
If yes, it might make sense to drill down into this as we implement the
solution for 1204.
Let me know if I missed anything.

There were a couple of other things discussed in the same thread:
The pagination is solved differently for now, while the file upload has a
bit of a different twist on the session object of the server.
We will drill down into the details as ticket 1225
(https://fedorahosted.org/freeipa/ticket/1225) is designed and implemented.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
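
The cache check in steps 2 and 3 of the message above, as an added example that is not part of the original message and is not FreeIPA code. It does not call python-krbV; the Ticket and TicketCache names, the acquire callable, the expiry margin (skew) and the per-principal cache key are assumptions made for illustration.

```python
import threading
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Ticket:                 # hypothetical stand-in for a Kerberos service ticket
    client: str               # principal the ticket was issued to
    service: str              # target service principal
    endtime: float            # expiry, seconds since the epoch

class TicketCache:
    """Reuse a cached, unexpired ticket per request; otherwise acquire and cache one."""
    def __init__(self, acquire, skew=300.0, clock=time.time):
        self._acquire = acquire          # callable(client, service) -> Ticket
        self._skew = skew                # treat tickets this close to expiry as expired
        self._clock = clock
        self._lock = threading.Lock()    # in case requests are served concurrently
        self._tickets = {}               # keyed per (client, service), never shared
        self.acquisitions = 0

    def get(self, client, service):
        key = (client, service)
        with self._lock:
            ticket = self._tickets.get(key)
            if ticket is not None and ticket.endtime - self._skew > self._clock():
                return ticket                        # step 2: present and not expired
            self._tickets.pop(key, None)             # step 2: expired, drop it
            ticket = self._acquire(client, service)  # step 3: acquire a new ticket
            if (ticket.client, ticket.service) != key:
                raise ValueError("acquired ticket does not match the request")
            self._tickets[key] = ticket              # step 3: add it to the cache
            self.acquisitions += 1
            return ticket

def demo():
    """Constructed run: fake clock, fake KDC issuing 600-second tickets."""
    now = [1000.0]
    clock = lambda: now[0]
    issue = lambda client, service: Ticket(client, service, clock() + 600)
    cache = TicketCache(issue, skew=60, clock=clock)
    svc = "ldap/ipa.example.test"                    # constructed service name
    first = cache.get("alice@EXAMPLE.TEST", svc)
    second = cache.get("alice@EXAMPLE.TEST", svc)    # served from the cache
    cache.get("bob@EXAMPLE.TEST", svc)               # other principal, own ticket
    now[0] += 550                                    # alice's ticket is inside the skew window
    third = cache.get("alice@EXAMPLE.TEST", svc)     # dropped and re-acquired
    return first is second, third is not first, cache.acquisitions
```

Keying the cache on the requesting principal keeps one user's LDAP ticket from being handed to another user's request, and the margin avoids using a ticket that would expire mid-operation.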

