On 07/25/2012 08:32 PM, Steven Jones wrote: > Hi, > > I will ask.... >
I am trying to make sure we closed all the loose ends. Steven, is there any update? > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: Rich Megginson [rmegg...@redhat.com] > Sent: Thursday, 26 July 2012 12:28 p.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] winsync msi > > On 07/25/2012 06:11 PM, Steven Jones wrote: >> Hi, >> >> From a RH support case as I dont have access to the RDS channel. > We just updated the RHEL 6.3 downloads to have the RedHat-PassSync .msi > files. > >> No, its doesn't allay my Windows and security ppls concerns.... > I was speaking specifically about your original concerns: > > "No not specific developers but some sort of statement of ownership from > RedHat I suppose. So they are I assume looking for some sort of > confidence that it wont trash AD and if I install it and it does trash > our AD some liability." > > Does the fact that you are now getting a Red Hat branded binary from an > official Red Hat download site allay these particular fears? > >> http://port389.org/wiki/Download >> >> "This is an Active Directory "plug-in" that intercepts password changes made >> to AD and sends the clear text password to 389 DS to keep the passwords in >> sync (when using the Windows Sync feature of 389 DS). >> >> Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. " > "This is an Active Directory "plug-in" that intercepts password changes > made to AD Domain Controllers and sends the clear text password over an > encrypted connection (SSL/TLS) to 389 DS to keep the passwords in sync. > It works in conjunction with the Windows Sync feature of 389. You must > install this on every Domain Controller. " > > Better? > >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> ________________________________________ >> From: Rich Megginson [rmegg...@redhat.com] >> Sent: Thursday, 26 July 2012 11:59 a.m. >> To: Steven Jones >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] winsync msi >> >> On 07/25/2012 02:41 PM, Steven Jones wrote: >>> Hi, >>> >>> Ah ok, I have the "official" one. >> From where did you get it? And does it allay your concerns? >> >>> One thing on the free site, it says the password is transmitted as clear >>> text, no mention of over an encrypted secure channel....the security guys >>> had a fit.....so if you update that web page it would help the cause. >> Which page is that? The Howto:WindowsSync? >> >>> regards >>> >>> Steven Jones >>> >>> Technical Specialist - Linux RHCE >>> >>> Victoria University, Wellington, NZ >>> >>> 0064 4 463 6272 >>> >>> ________________________________________ >>> From: Rich Megginson [rmegg...@redhat.com] >>> Sent: Thursday, 26 July 2012 1:58 a.m. >>> To: Steven Jones >>> Cc: freeipa-users@redhat.com >>> Subject: Re: [Freeipa-users] winsync msi >>> >>> On 07/24/2012 03:15 PM, Steven Jones wrote: >>>> Hi Rich, >>>> >>>> I can appreciate what you are saying, but.... >>>> >>>> Not on Windows but specifically AD, the very core of our 21,000+ user >>>> base, that makes such an add on significant and gets focus. What we have >>>> seen with another similar (yes, commercial) MSI was a clash with another >>>> MSI added to AD, the result was not pretty....hence the Windows ppl are >>>> very careful when something like this is proposed. >>>> >>>> So actually some sites where this has been installed commercially would be >>>> good, if need be I can raise a call to RH support? or RH NZ rep to get >>>> that info in confidence / NDA. >>>> >>>> IPA like AD is not just another application, its at the very centre of >>>> everything. For us it will be the second or third most important system we >>>> have. It will probably connect us to ppl across the world and them to us >>>> (via federation/shibboleth) let alone our internal user base. >>>> >>>> Lets see if I can show this, so 99.9% uptime on an application is 9 hours >>>> off line per year.....per user.....say 100 users? >>>> >>>> So 1 hour off line in a business day with 21,000+ users.....21,000 hours >>>> lost plus all the meetings on why and how to make sure it wont happen >>>> again. If we were down for say a day or two....it would be in the IT if >>>> not National papers....(yes OK NZ is small)....I think my new occupation >>>> and some of the managers would be....road sweeping.....this makes them >>>> very risk adverse. >>>> >>>> Crazy thing of course is, yes IPA is free....... >>>> >>>> ;] >>>> >>>> I can appreciate things seem very strange in that context. Consider that >>>> its taken me 7 years to go from being employed specifically long enough to >>>> get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having >>>> 100 RHEL servers with most of the mission critical things on them.....all >>>> down to the quality of open source really......proof is in the >>>> eating....its proven very tasty...... >>> Ok. If you are a Red Hat paying customer, you should get the >>> RedHat-PassSync .msi from an official Red Hat channel. We are working >>> on addressing this issue. >>>> :) >>>> >>>> regards >>>> >>>> Steven Jones >>>> >>>> Technical Specialist - Linux RHCE >>>> >>>> Victoria University, Wellington, NZ >>>> >>>> 0064 4 463 6272 >>>> >>>> ________________________________________ >>>> From: Rich Megginson [rmegg...@redhat.com] >>>> Sent: Wednesday, 25 July 2012 2:54 a.m. >>>> To: Steven Jones >>>> Cc: freeipa-users@redhat.com >>>> Subject: Re: [Freeipa-users] winsync msi >>>> >>>> On 07/23/2012 06:32 PM, Steven Jones wrote: >>>>> Hi, >>>>> >>>>> No not specific developers but some sort of statement of ownership from >>>>> RedHat I suppose. So they are I assume looking for some sort of >>>>> confidence that it wont trash AD and if I install it and it does trash >>>>> our AD some liability. >>>> Can you point me at another open source project that provides Windows >>>> binaries that provides some sort of guarantee or statement or >>>> documentation like this? I'd like to see what other projects do and >>>> provide something similar. >>>> >>>> Or is this the first (and only?) time anyone in your organization has >>>> ever installed any open source software on Windows? >>>> >>>>> regards >>>>> >>>>> Steven Jones >>>>> >>>>> Technical Specialist - Linux RHCE >>>>> >>>>> Victoria University, Wellington, NZ >>>>> >>>>> 0064 4 463 6272 >>>>> >>>>> ________________________________________ >>>>> From: Rich Megginson [rmegg...@redhat.com] >>>>> Sent: Tuesday, 24 July 2012 12:11 p.m. >>>>> To: Steven Jones >>>>> Cc: freeipa-users@redhat.com >>>>> Subject: Re: [Freeipa-users] winsync msi >>>>> >>>>> On 07/23/2012 05:38 PM, Steven Jones wrote: >>>>>> Hi, >>>>>> >>>>>> For the winsync agreement my Windows and security teams want to know its >>>>>> details, >>>>>> >>>>>> eg who wrote it, >>>>> Red Hat - do you need to know the names of the developers? >>>>> >>>>>> it is Microsoft certified etc. >>>>> Not that I know of - how would one go about doing that? >>>>>> Where will I find such info? >>>>>> >>>>>> All I have is >>>>>> >>>>>> http://port389.org/wiki/Download >>>>>> >>>>>> Which doesn't tell me much. >>>>> There is more info in the actual .msi file. >>>>>> regards >>>>>> >>>>>> Steven Jones >>>>>> >>>>>> Technical Specialist - Linux RHCE >>>>>> >>>>>> Victoria University, Wellington, NZ >>>>>> >>>>>> 0064 4 463 6272 >>>>>> >>>>>> _______________________________________________ >>>>>> Freeipa-users mailing list >>>>>> Freeipa-users@redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> _______________________________________________ >>>>> Freeipa-users mailing list >>>>> Freeipa-users@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> Freeipa-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >> > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users