[Freeipa-devel] [PROPOSAL] Kerberos flags
Simo Sorce
simo at redhat.com
Fri Mar 8 13:41:26 UTC 2013
On Fri, 2013-03-08 at 10:31 +0100, Jan Cholasta wrote:
> Hi,
>
> On 7.3.2013 21:15, Rob Crittenden wrote:
> > Based on a comment from Sumit in ticket
> > https://fedorahosted.org/freeipa/ticket/3329 here is a bare outline of
> > how one might do it: http://freeipa.org/page/V3/Kerberos_Flags
>
> Can we have one multi-valued attribute which contains names of flags to
> set instead of one attribute per flag? It might make adding new flags
> easier.
if you are cramming everything in one attribute then we can keep using
krbExtraData, no ?
> Would it make sense to add a global configuration option to turn flags
> on or off for all services of a given type?
We might, but how do you check for the global value ?
An additional search for every KDC operation is simply not going to
happen.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list