[Freeipa-devel] [PATCH] Initial Radius Work
Rob Crittenden
rcritten at redhat.com
Sun Nov 4 04:09:36 UTC 2007
Simo Sorce wrote:
> On Sat, 2007-11-03 at 13:59 -0400, John Dennis wrote:
>> + # FIXME: ldap_server should be derived, not hardcoded to
>> localhost, also should it be a URL?
>> + radius.create_instance(realm_name, host_name, 'localhost')
>> +
>
> If at all possible, you should let ldap libraries use DNS discovery to
> find the ldap server, and not force one on them. this will allow
> automatic fallback eventually. Unells we want to tie a radiuserver to
> the local master for some other reasons, in which case you must use
> gethostname as you need the hostname of the server to get the right
> kerberos ticket.
>
Well, considering that we do exactly the same thing throughout all the
rest of IPA, I don't think this is really an issue. At this point it is
a very safe assumption that the radius server IS installed on the same
machine as FDS.
This is, after all, in ipa-server-install which currently only does a
bootstrap install of IPA.
Perhaps a new bug needs to be filed to track this usage of localhost but
I don't want to hold up John's patch for something we've all done.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071104/11eab7c0/attachment.bin>
More information about the Freeipa-devel
mailing list