[Freeipa-users] Policy functionality of 2.0 requirements dropped?

Dmitri Pal dpal at redhat.com
Mon May 3 23:58:23 UTC 2010 

Sean Brady wrote:
>
> On 05/03/2010 04:32 PM, Stephen Gallagher wrote:
>> On 05/03/2010 06:11 PM, Sean Brady wrote:
>>> I just checked out the requirements document for 2.0 again and I see
>>> that the policy and audit sections indicate that those requirements
>>> have
>>> been dropped. I didn't see anything on this list about that, although I
>>> admit I haven't had time to follow that closely.
>>>
>>> Can anyone comment on why these have been dropped, and what would
>>> replace that functionality? One area of specific concern would be the
>>> removal of 1.3.8, "Integrate machine into the existing network by
>>> downloading and applying policies related to the machine (network
>>> settings, policy, printers)"...
>>>
>>> Thanks all.
>>>
>>>
>> You could try Puppet (http://puppet.reductivelabs.com/), which provides
>> most of the functionality IPA v2 was originally going to provide.
>>
>>
>
>
> I was just curious as to the reasoning behind the change. I'm not
> really that upset about it or anything, except for the configuration
> download part. That was something that I was really looking forward
> to. It was just a little bit of a shock to see that on the site
> without seeing anything about it here first.
>
> And as for Puppet, I just can't bring myself to install Ruby on my
> servers and give up the extra RAM that it needs. They are all tuned
> VM's that use just enough resources. Perhaps I am succumbing to FUD,
> but it's not worth it at this point. Maybe this change in direction
> with FreeI will change that.
>
> Well, I suppose now we need to change the name to FreeI, since the PA
> are gone :).

This change happened quite some time ago.
And as far as I recall there have been an announcement about it.
We can dig archives but I remember writing about it.

Also the web site has been updated several months ago to reflect the
reality.
The IPA is still IPA though. We are not going to change the name.
The goal is ambitious but still doable.
But the change of course is that for policy management we should not
invent the wheel but rather integrate with one of the exiting
system/configuration management solutions. And when time comes we will
look in this.
The same with the audit. The problem of audit needs to be solved with
the open source solution eventually but currently this space is very
crowded and we have not enough resources to solve I, P & A at the same
time. We realized that it is not realistic and decided to focus on I and
make it right. There is plenty of work in this area that would be more
interesting for everybody than trying to build audit. I am talking about
cross domain trusts, key management, user authentication with the smart
cards and other features that land on the I side.



-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list