Excellent, thanks. I would add to this ticket: "Retreiving the kerberos keytab and storing in the clients's krb5.keytab", as that's my main issue, not the actual distribution of the common client configuration files. I do this with CFengine today.
Is the nfs/* kerberos service required for all nfs4+krb clients? If so, that should be added to the script as well. Rgds, Siggi On Wed, May 11, 2011 00:24, Dmitri Pal wrote: > On 05/10/2011 05:42 PM, Sigbjorn Lie wrote: > >> Hi, >> >> >> I would like to see the ipa client scripts and possibly the admin >> tools in a nice Solaris package. This would make my job a lot easier as we >> have a lot of >> customers running Solaris. :) >> >> For the server part I agree with you, keep it at RHEL. >> >> >> SSSD @ Solaris / HP-UX / AIX ... well there isn't much (if any) of the >> UNIX vendors selling their iron as client machines anymore. And I >> don't see a considerable benefit in adding SSSD to servers, who will be well >> connected to the >> network anyway. >> > > > https://fedorahosted.org/freeipa/ticket/1214 > > > >> >> >> Rgds, >> Siggi >> >> >> >> On 05/10/2011 11:31 PM, Dmitri Pal wrote: >> >>> On 05/10/2011 05:11 PM, Steven Jones wrote: >>> >>>> Hi, >>>> >>>> >>>> There are OSS packages that can be installed into Solaris.....so I >>>> dont see why freeipa cant be ported....at least the x86 CPU version anyway. >>> I think this will be a huge undertaking. It is not that simple. And is >>> there really a value for IPA to be on Solaris? I can understand the client >>> part but the server >>> is less important. It is a dedicated server running on BM or VM so does it >>> really matter what >>> os it is running as long it is supported and affordable? >>> >>> We as a dev community will be open to any effort to port the whole stack >>> to some other distribution but I bet there are better uses for someones >>> energy that we can >>> utilize to deliver better functionality to this user community. >>> >>> Client is a different issue. I tried to talk to IBM, HP and Sun a year >>> ago. They are not interested in porting SSSD to their platforms. >>> >>>> Oracle/Sun may not want to do IPA but if you had ever had the >>>> mis-fortune to try and use Oracle's IdM / OVD /OID you'd understand why few >>>> techies/ppl/businesses want it.....its bloody awful to install let alone >>>> work with or >>>> maintain....So its turns into a risky endeavour and no one sane wants that >>>> much risk in >>>> their business....let alone the 6 figure costs..........and yes Im talking >>>> over a million.... >>>> >>>> >>>> Hopefully we are getting away from the silo attitude of >>>> vendors.....Vendors might want only their products in a customer site, but >>>> realistically >>>> customers dont want that for lots of reasons, and pillaging your wallet is >>>> one of the >>>> biggest.... >>>> >>>> In our case all that happens is we wont buy Sun kit if it doesnt >>>> work the way we want to work....their loss. >>>> >>>> regards ________________________________________ >>>> From: freeipa-users-boun...@redhat.com >>>> [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal >>>> [d...@redhat.com] >>>> Sent: Wednesday, 11 May 2011 8:24 a.m. >>>> To: freeipa-users@redhat.com >>>> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment >>>> >>>> >>>> On 05/10/2011 04:10 PM, Steven Jones wrote: >>>> >>>>> Hi, >>>>> >>>>> >>>>> Its quite interesting that there are no real clients for ipa >>>>> outside of RH/Fedora....this will probably do more to delay or restrict >>>>> its adoption than >>>>> anything else. >>>>> >>>> Not sure what you are talking about. Any kerberos enabled service is a >>>> service and any pam_krb5/nss_ldap or SSSD enabled system can be a client. >>>> SSSD is in Debian, >>>> Ubuntu, SUSE, Fedora, RH >>>> Would be nice to have it in other OSs like Solaris and HP-UX but they >>>> have other plans. >>>> >>>>> regards >>>>> >>>>> Steven >>>>> >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> Freeipa-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> >>>> >>>> >>> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> >> > > > -- > Thank you, > Dmitri Pal > > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users