[Freeipa-devel] [PATCH] 208 tighten integration of hosts and services

Rob Crittenden rcritten at redhat.com
Fri May 8 21:25:00 UTC 2009


Simo Sorce wrote:
> On Fri, 2009-05-08 at 15:49 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> On Fri, 2009-05-08 at 14:17 -0400, Rob Crittenden wrote:
>>>> This patch more tightly couples services and hosts:
>>>>
>>>> - A host is required in order to create a service.
>>> nack, assuming I understand what this mean :)
>>> I think we need to be able to give out service keytabs and certificates
>>> to non-enrolled hosts for a long time.
>>> I am not sure it is a good idea to force someone to create a fake host
>>> just to get a keytab/certificate.
>> Define fake host. This doesn't force them to do an enrollment, just to 
>> create a host entry ala: ipa host-add foo.example.com.
> 
> Yes this is what I mean by fake host, and the problem is that you will
> have host entries that are not enrolled.
> It is a problem for reporting, it is also a problem for running things
> like finding dead hosts.
> I'd prefer not to have fake hosts if at all possible, it causes problems
> in other areas.
> 
> Simo.

Ok, but I think fake is the wrong word to use for them. Unenrolled is 
more precise.

rob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090508/3f6bc773/attachment.bin>


More information about the Freeipa-devel mailing list