On 2015-05-22 14:02, Petr Vobornik wrote: > Actually the service part of "IPA servers" is not covered in the > proposal. The proposal just says that it can be added later. > > There will be question if it should even be called "services". Maybe > capabilities would be better term given that KDC Proxy is not a > standalone service.
It's an implementation detail. KDC Proxy shares the Apache HTTP with webui because it is the simplest way. We don't have to create another certificate and an additional principal. However in the future that may change. For high traffic sites a separation of webui and KDC proxy may make sense. The KKDCP WSGI app has different tuning requirements than webui. Christian
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
