On Wed, Feb 14, 2018 at 10:00 AM, Alexander Bokovoy via FreeIPA-devel
<freeipa-devel(a)lists.fedorahosted.org> wrote:
On Wed, 14 Feb 2018, Alexander Koksharov via FreeIPA-devel wrote:
>
> Hello,
>
> Please take a look at a design page here:
> https://www.freeipa.org/page/V4/Authselect_migration
>
> I would like to hear your criticism and suggestions.

Thanks!

One note I have is about authconfig arguments. We gather them together
and launch only one authconfig command. There is, I believe, a
conceptual difference when you run authconfig with all options in a
single line and as separate executions, so you'd get different
configurations.

This may be subtle at first glance, but we need to ensure that an
authselect replacement would continue to provide the same configuration
in the end.

I assume you are going to add the actual authselect part later.

Hi Lex,

I'll comment on the use cases part later and now will focus on the change
itself, as I don't have much time to write this.

I like the way you described the old algorithm. It is quite easy
to read and understand. I miss a bit the same for the proposal. You
have written the proposal, but I'm not sure if I understand it
correctly.

Is the proposal in pseudocode something like the following?

"""
authselect would be required by FreeIPA on Fedora
authconfig would be removed as required
if has_authselect and sssd then:
    client installer updates /etc/sysconfig/network with NISDOMAIN
    if mkhomedir then
        authselect select sssd with-mkhomedir
        return
    else
        authselect select sssd
        return
else
    raise "not supported configuration ..."
if has_authconfig:
    current_algorithm()
else
    raise "not supported configuration ..."
"""
--
Petr Vobornik
Associate Manager, Engineering, Identity Management
Red Hat