On 2008-06-12, Rich Megginson <rmeggins at redhat.com> wrote:
>> Is the normal procedure for managing users:
>>
>> - add user info to the directory (ldapadd)
>> - create user principal (addprinc username)
>>
>> Or can the creation of user principal be automatically created
>> from within fds when we create users there ?
>>
> freeipa.org is a project dedicated to answering this and other similar
> ldap+kerberos questions.

That felt a bit like an "Active Directory is a solution that does what you're trying to do, why don't you just use that" answer.. ;-)

I know about freeipa.org, have read most of the documentation and even lightly tested it. But, freeipa expects you to add/manipulate users through a webgui, or specialized freeipa-commands. That doesn't tell me much about what's happening behind the scene..

Also, we already have an identity management solution deployed (Sun Identity Manager), so my question is mostly if it should just update the directory server, and have the directory server create the kerberos principals. Or if it needs to know about both resources, and keep them both in sync.

-jf