Jan Frode Myklebust wrote: > On 2008-06-12, Rich Megginson <rmeggins at redhat.com> wrote: > >>> Is the normal procedure for managing users: >>> >>> - add user info to the directory (ldapadd) >>> - create user principal (addprinc username) >>> >>> Or can the creation of user principal be automatically created >>> from within fds when we create users there ? >>> >>> >> freeipa.org is a project dedicated to answering this and other similar >> ldap+kerberos questions. >> > > That felt a bit like an "Active Directory is a solution that does what > you're trying to do, why don't you just use that" answer.. ;-) > Well, if you are just starting out with Fedora DS + Kerberos, that would be the way to go - but since you're not . . . > I know about freeipa.org, have read most of the documentation and even > lightly tested it. But, freeipa expects you to add/manipulate users trough > a webgui, or specialized freeipa-commands. That doesn't tell me much > about what's happening behind the scene.. > > Also, we already have an identity management solution deployed (Sun Identity > Manager), so my question is mostly if it should just update the directory > server, and have the directory server create the kerberos principals. Or if > it needs to know about both resources, and keep them both in sync. > . . . you have to know about both resources, and keep them both in sync. I don't know much about Sun Identity Manager - perhaps it has tools to help you do this. > > -jf > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080613/2bd9275c/attachment.bin
