Hi , This is nice posting about FreeIPA status in Debian world. If we discuss Enterprise it should come on the top of the Top 10 or Top 20...
Best Longina -----Original Message----- From: sssd-users-boun...@lists.fedorahosted.org [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Dmitri Pal Sent: 1. september 2013 02:52 To: Michał Dwużnik Cc: freeipa-devel; End-user discussions about the System Security Services Daemon; Development of the System Security Services Daemon; freeipa-us...@redhat.com Subject: Re: [SSSD-users] [Freeipa-users] FreeIPA on Debian On 08/31/2013 03:50 PM, Michał Dwużnik wrote: > Hi guys, > > > I do not know whether it will reach ALL the lists Dmitri put in, but anyway: > > I do am interested heavily in getting a nice inter distro product (and > if sth works both on RH-like and Deb-like distros that's quite some > bases covered...) I'm afraid I'm not able to take the responsibility > of building the deb support myself (no skills, no time), but feel like > I do need it and I can spent some considerable time testing (I'm still > having a production NIS around and I would like to test the > interoperability when it stops being 'production'...) builds if they > appear... > > I feel like IPA is getting the well established components and builds > an added value ON them and not AGAINST them, making life easier (and > hiding the not so beatiful guts under a nice interface, too...): > Integrating KRB5 and LDAP is something people do every now and then, > but it comes with cnsiderable pain of reading contradictory guides not > updated for 10 years, dealing with examples using crypto mechanism > that should be long forgotten... > ('first, before configuring LDAP set up KRB5, having a test principal > get back to this LDAP guide' > and some two links away: > 'first, get the your LDAP feet wet, when you're able to do ldapsearch > get back and construct those ldifs to build krb5 database in ldap' > followed by 'make a new realm, but don't use krb5_newrealm'...). > > Freeipa gives hope of NOT having to deal with cn=config manually, > (it's a really nice thing, but ldifs are sth that should be hidden > from view, and most guides for ldap/krb5 integration require creating > LOTS of those 'by hand', which makes quite a steep learning curve...). > The abundance of PAM modules for ldap/krb5 does not make it any easier > (shishi? heimdall? MIT?; libpam-ldap or libpam-ldapd?), nor the > multitude of different caching tools. > (to mention only nslcd, nsscache, libpam-ccreds, nss_updatedb...). > > Having something solid to start with todays hordes of products > requiring some auth integration thingie would be really nice > > OTOH that would be nice to have some documentation without EXAMPLE.COM > inside :> > > I think getting freeipa working on Debian would be a great 'social' > move, sure to be valued among the Linux community (ok, at least the > part of community not centered on their own personal computers...), > but the transition to 'Freeipa is wideely adopted product for ...' > would surely need more people than a couple of guys in RH raising the > Debian cause and a few Debian users like me. > > Thanks to work by Alexandre Ellert it's possible to get freeipa > working with wheezy with relatively no hassle, but I'm afraid the > world needs more than him :> > > Trying that I haven't seen any obvious 'fedorisms' inside... > > As for 'let's have a dream' part -> I would like to see sth similar to > nsscache included with the freeipa suite for some really lightweight > clients, for more than one reason... > > Dmitri, thanks for raising the flag! > > Michał > > PS:Any idea for some advertisement on Debian side? I have no idea but where and how this effort can be advertised but any ideas are welcome! I think it would be great if someone passes it on to other lists that might be interested in joining the effort. > > On Fri, Aug 30, 2013 at 11:04 PM, Dmitri Pal <d...@redhat.com> wrote: >> Hello, >> >> Sorry for cross posting to 4 different lists but it seems that this >> is the best way to include most of people who might be interested in >> this discussion. >> >> The question of "When FreeIPA will be available on Debian?" has been >> coming up periodically on the list(s) without any resolution. However >> it is clear that it would be beneficial for the community and the project. >> >> May be it is time to try again? >> Let us see why it yet has not happened? >> >> 1) Some components need to be ported to Debian especially Dogtag and >> a slew of its new RESTEasy dependencies. This requires time and quite >> an effort from someone familiar with the domain. >> 2) The code needs to be changed in installer and potentially in other >> places as it might have had some Fedorizms blended in >> 3) Someone needs to own packages in Debian and maintain them, someone >> with good knowledge of the distro and time to take ownership of about >> 50 packages. >> >> Can we pull it off together this time? >> Say we plan for some Dogtag and IPA domain experts to work on the >> port during Nov 13 - Feb 14 and address 1) and 2). Would there be any >> interest to join forces with them? Would there be anyone to take on >> item >> 3) from the list above? >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager for IdM portfolio Red Hat Inc. >> >> >> ------------------------------- >> Looking to carve out IT costs? >> www.redhat.com/carveoutcosts/ >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> freeipa-us...@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ sssd-users mailing list sssd-us...@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users -- Mailing list: https://launchpad.net/~enterprise-ubuntu Post to : enterprise-ubuntu@lists.launchpad.net Unsubscribe : https://launchpad.net/~enterprise-ubuntu More help : https://help.launchpad.net/ListHelp
