On Wed, Feb 14, 2018 at 10:00 AM, Alexander Bokovoy via FreeIPA-devel
<freeipa-devel@lists.fedorahosted.org> wrote:
> On ke, 14 helmi 2018, Alexander Koksharov via FreeIPA-devel wrote:
>>
>> Hello,
>>
>> Please take a look on a design page here:
>> https://www.freeipa.org/page/V4/Authselect_migration
>> I would like to
>>
>> hear you critics and suggessions.
>
> Thanks!
>
> One note I have is about authconfig arguments. We gather them together
> and launch only one authconfig command. There is, I believe, a
> conceptual difference when you run authconfig with all options in a
> single line and as separate executions so you'd get different
> configurations.
>
> This may be subtle on a first view but we need to ensure that an
> authselect replacement would continue to provide the same configuration
> in the end.
>
>
> I assume you are going to add actual authselect part later.
Hi Lex,
I'll comment the use cases part later and now will focus on the change
itself as I don't have much time to write this.
I like the way how you described the old algorithm. It is quite easy
to read and understand. I miss a bit the same for the proposal. You
have written the proposal but I'm not sure if I understand it
correctly.
Is the proposal in pseudo code something like following?
"""
authselect would be required by FreeIPA on Fedora
authconfig would be removed as required
if has_authselect and sssd then:
client installer updates /etc/sysconfig/network with NISDOMAIN
if mkhomedir then
authselect select sssd with-mkhomedir
return
else
authselect select sssd
return
else
raise "not supported configuration ..."
if has_authconfig:
current_algorithm()
else
raise "not supported configuration ..."
"""
--
Petr Vobornik
Associate Manager, Engineering, Identity Management
Red Hat
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
