On Thu, Dec 15, 2022 at 07:45:07AM +0100, Fabian Arrotin wrote:
Well, you know that real data (users/groups/rbac rules/etc) are
stored in IPA itself, which isn't reachable directly, reason why
fasjson was created.
But because fasjson itself doesn't store any credentials, it's just
an "application proxy" that will just do the query for you/your app,
reason why it needs a kerberos ticket.
Ah, thanks. That's definitely a crucial thing I was missing.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader