Mike McGrath wrote: > On Thu, 30 Apr 2009, Ricky Zhou wrote: >> In some distant future version of FAS, I'd >> like to play with the idea of storing the data in LDAP while handling >> our group sponsorship system in postgres. >> > > Ick > heh :-) I think ricky's approach could work but it would need planning. The idea would be to increase the complexity of FAS but decrease the complexity for everything we deploy that needs authentication. We'd want to examine that assumption in the planning phase to make sure it's actually true for us. For instance, there was the thought that having cached credentials on our servers was preferable to what happens to when the LDAP server goes down. Still a concern? We currently mask a lot of information for the privacy policy, can we do that with LDAP? (Or just not put the information in there?) We let third parties (like the hosts to let packagers try building on ppc, x86_64, etc) use fas to get ssh keys. Would we let them connect to and get that information from the LDAP server instead? We let people use their normal accounts to get a subset of data for authenticating to their web apps while they're developing them. Would we enable the same setup with LDAP? -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
