3:22 a.m.
Turbo Fredriksson wrote:
On 27 Mar 2017, at 22:09, Michael Ströder
<michael(a)stroeder.com> wrote:
> I've looked at dogtag approx. two years ago. The use of LDAP was, uumh, somewhat
strange:
Ouch, nah that doesn’t make much sense :(.
Do anyone know of any other product/project (open source preferred, but not
a requirement) that can do the same - provide certificates programatically?
We had a module for OpenLDAP 2.0, way back when. It hasn't been maintained in
years.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
3:35 a.m.
New subject: OT: Security management/distribution in "The Cloud" (Was: Dogtag CA with OpenLDAP?)
On 28 Mar 2017, at 11:22, Howard Chu <hyc(a)symas.com> wrote:
We had a module for OpenLDAP 2.0, way back when. It hasn't been
maintained in years.
Ok, I see :(. What did that do exactly? Name?
Sorry for the OT (although it’s _slightly_ relevant to OpenLDAP I guess).
But how do people handle secrets (key/value, certificates etc) in a cloud
environment? With bare metal, you usually don’t spinup/down machines
that often, so distributing stuff like that is “easy”. But with the cloud and
“resources are cattle, not pets”, how to do that there!?
This have been racking my brain (and several of my friends and colleagues)
for months now!
I’m using OpenLDAP and MIT Kerberos V for users and passwords, but
I’m not sure how I could (if I should) utilise that to keep “secrets”.
I’ve looked at Hashicorp Vault, but that’s extremely immature and not any
where near ready a “production” environment (not to mention that it lacks
very important functions etc).
Dogtag is apparently good enough (although huge - might not need all that
functionality), but maintaining an additional LDAP/KerberosV setup is seriously
unappealing!
But what else is there?
4:30 a.m.
New subject: OT: Security management/distribution in "The Cloud" (Was: Dogtag CA with OpenLDAP?)
On 03/28/2017 06:35 AM, Turbo Fredriksson wrote:
On 28 Mar 2017, at 11:22, Howard Chu <hyc(a)symas.com> wrote:
> We had a module for OpenLDAP 2.0, way back when. It hasn't been maintained in
years.
Ok, I see :(. What did that do exactly? Name?
Sorry for the OT (although it’s _slightly_ relevant to OpenLDAP I guess).
But how do people handle secrets (key/value, certificates etc) in a cloud
environment? With bare metal, you usually don’t spinup/down machines
that often, so distributing stuff like that is “easy”. But with the cloud and
“resources are cattle, not pets”, how to do that there!?
This have been racking my brain (and several of my friends and colleagues)
for months now!
I’m using OpenLDAP and MIT Kerberos V for users and passwords, but
I’m not sure how I could (if I should) utilise that to keep “secrets”.
I’ve looked at Hashicorp Vault, but that’s extremely immature and not any
where near ready a “production” environment (not to mention that it lacks
very important functions etc).
Dogtag is apparently good enough (although huge - might not need all that
functionality), but maintaining an additional LDAP/KerberosV setup is seriously
unappealing!
But what else is there?
EJBCA (Enterprise Java Beans Certificate Authority), but it is just as
"heavy" as DogTag. Personally, the java bloat is what turns me off to
it. not much else is available as open source.
5:30 a.m.
New subject: OT: Security management/distribution in "The Cloud" (Was: Dogtag CA with OpenLDAP?)
On 28 Mar 2017, at 12:30, Brendan Kearney <bpk678(a)gmail.com> wrote:
Personally, the java bloat is what turns me off to it. not much else
is available as open source.
Yeah, i’m not to fond of Java stuff either.
I’m not sure I dare ask, but know of any commercial products?
2253
days inactive
2253
days old
openldap-technical@openldap.org
3 comments
3 participants
participants (3)
-
Brendan Kearney -
Howard Chu -
Turbo Fredriksson