[katello-devel] [foreman-dev] Signo and shared user management
Ivan Necas
inecas at redhat.com
Thu Jun 20 09:47:34 UTC 2013
----- Original Message -----
> On Thu, Jun 20, 2013 at 09:50:19AM +0200, Marek Hulan wrote:
> > What do teams think? Ohad, Mike would you support such change?
>
> Guys,
>
> I am having an impression we are trying to build another directory
> service here. Why? Foreman/Katello are configured with our
> (puppet-based) installer and if you want to integrate those two
> projects, why not to add OpenLDAP or any other easy-to-configure
> directory service into our installer.
>
> Instead we are trying to find a way to integrate CLI with Signo, but hey
> wait - we also need to support Kerberos. So we will implement both.
> Please don't get me wrong, maybe I miss a little detail that Signo
> brings. Or it's just lack of sleep.
>
> To me it sounds like we are investing resources into something that can
> be replaced with including OpenLDAP + KRB in our installer. At the very
> beginning, discussion ended up with "we want let users to install
> Katello/Foreman without LDAP", but writing our own LDAP does not solve
> the issue.
As I described in my previous mail I've just wrote, the issue we're trying
to solve is being able to say, that user has some level of permissions on
one place and guarantee, that in all the subsystems, he will be able to do
that.
Of course, from the Katello/Foreman perspective, it doesn't matter where
the information about user roles come from. The advantage of using Signo
as a provider for this is abstracting what's available in the infrastructure.
I understand this efford more as a front-end level. That doesn't mean
we can't use LDAP as a backend. But we still want a common place to manage
this things. And what backend to use for it is just an implementation detail.
-- Ivan
>
> What was blocking us from the embedded OpenLDAP+KRB solution in the
> first place?
>
> --
> Later,
>
> Lukas "lzap" Zapletal
> irc: lzap #theforeman
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscribe at googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
More information about the katello-devel
mailing list