The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA
version 2.0.
FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
and command-line administration tools.
P is for Policy. One aspect of policy management that has the potential to be the killer feature is centralized SUDO.
You will need two profiles: I use my default for my corporate setup, and a new one for development.
(Note:Â if you want to keep open a browser, you can use the –no-remote switch so that Firefox doesn’t ignore your pleas to use a different profile, and instead just makes another window that uses the same one.)
firefox -P kfrog –no-remote &
Go through the steps to create another profile.
In the second window, you need to establish kinit, but running with a different TGT. You do this with an environment variable:
export KRB5CCNAME=/tmp/krb5ccache
kinit kfrog@TESTREALM.COM
Close and restart firefox.
firefox –no-remote -P ayoung &
FreeIPA makes Kerberos a lot less painful.
Since My development now needs to target F14, not F13, I figured I start using a F14 virtual machine, but leave my F13 VM alone, just in case I needed something off of it. Well, it turns out I do need something off of it. But why should I have to wait for it to boot in order to see it? I can mount it loop back, right…
(reposted from the mailing list)
The FreeIPA project team is pleased to announce the availability of the Beta 1 release of freeIPA 2.0 server [1].
The below is my notes on how DNS is used. This document is neither accurate nor authoritative, just meandering. You’ve been warned.
From what we are seeing and what I’ve read, the browser seems to send a JSON request with no Auth info, and then the whole SPEGNO handshake takes place, turning what should be a single request response into (at a minimum) two. It seems to me that we should be able to avoid that after the initial auth has taken place.
Is there any way to cache SPEGNO information such that successive JSON RPC calls provide the needed information automatically, instead of requiring multiple round trips per request?
Any Fedora people worked with this stuff and know how to optimize it? Do I need to revert to a Cookie based approach?
I’m working through the issues getting the unit tests to run cleanly. Here’s my setup:
One of the benefits of web APIs is that we can use command line tools to call them. FreeIPA is no different, but perhaps a hair trickier, as it combines the use of Kerberos with a strict JSON format. Getting it right took a little trial and error.
Continue reading