On 02/27/2014 10:18 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
[...]
Ok, so try to summarize this long-running thread, I'll rename the
subpackage to freeipa-server-foreman-smartproxy to make it clearer what
it is/does. Right now it requires manual configuration so having the
package installed should have no negative impacts (other than
potentially pulling in additional dependencies).
I'll leave it in smartproxy for now, it's just cleaner and better
integrates with ipatests IMHO.
Foreman supports SSL client auth which is great, by cherrypy does not
yet. There is a pull request to add this,
https://bitbucket.org/cherrypy/cherrypy/pull-request/15/added-support-for-client-certificate/activity
. Foreman otherwise supports no other authentication method, so we're
blocked with this. The certs for this would initially come out of
Foreman/puppet.
I'll submit a new patch with an updated spec but I think otherwise I've
addressed the isuses Petr has raised. This thread has taken a lot of
turns so it is very possible I missed something though :-)
Updated patch based on feedback from Foreman team. I added a new URI,
/features, which Foreman uses to determine what capabilities a proxy has.
rob
My review is blocked because 389-ds doesn't install on Rawhide due to
https://fedorahosted.org/389/ticket/47700
Noriko, do you know of a Rawhide build that includes your fix?
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
