[Freeipa-devel] [PATCH] 208 tighten integration of hosts and services
Simo Sorce
ssorce at redhat.com
Fri May 8 20:14:21 UTC 2009
On Fri, 2009-05-08 at 15:49 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Fri, 2009-05-08 at 14:17 -0400, Rob Crittenden wrote:
> >> This patch more tightly couples services and hosts:
> >>
> >> - A host is required in order to create a service.
> >
> > nack, assuming I understand what this mean :)
> > I think we need to be able to give out service keytabs and certificates
> > to non-enrolled hosts for a long time.
> > I am not sure it is a good idea to force someone to create a fake host
> > just to get a keytab/certificate.
>
> Define fake host. This doesn't force them to do an enrollment, just to
> create a host entry ala: ipa host-add foo.example.com.
Yes this is what I mean by fake host, and the problem is that you will
have host entries that are not enrolled.
It is a problem for reporting, it is also a problem for running things
like finding dead hosts.
I'd prefer not to have fake hosts if at all possible, it causes problems
in other areas.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list