[Freeipa-devel] [PATCH] 888 always verify hostname

Martin Kosek mkosek at redhat.com
Tue Nov 29 15:38:36 UTC 2011 

On Tue, 2011-11-29 at 10:18 -0500, Simo Sorce wrote:
> On Tue, 2011-10-11 at 17:07 +0200, Martin Kosek wrote:
> > On Fri, 2011-10-07 at 09:18 -0400, Rob Crittenden wrote:
> > > Martin Kosek wrote:
> > > >>
> > > >> Yes but the entry is added /etc/hosts at the very END of installation,
> > > >> apparently too late for some things. We can alternately add this prior
> > > >> to configuring anything else.
> > > >
> > > > But we add the entry to /etc/hosts right in the beginning. After the
> > > > line marked with<<<<<<  is printed. I double-checked it right now.
> > > 
> > > Ok, this is totally freaky then. See ticket 
> > > https://fedorahosted.org/freeipa/ticket/1931
> > > >
> > 
> > I think it is worth mentioning there that the /etc/hosts entry is added
> > in the beginning only if the hostname is not resolvable and IP address
> > is passed by the user, i.e. only when the following line printed:
> > 
> > # ipa-server-install --setup-dns (or --no-host-dns)
> > ...
> > Please provide the IP address to be used for this host name: 10.16.78.50
> > Adding [10.16.78.50 ipa.example.com] to your /etc/hosts file
> > ...
> > 
> > I saw that 1931 should be solved by a new custom hostname parameter
> > passed to bind-dyndb-ldap plugin.
> > 
> > 
> > I did some additional testing of my proposed patch 140 and it behaved
> > fine. It is able to catch misconfigured /etc/hosts in both following ways:
> > 
> > 1) invalid hostname for given IP address
> > 
> > 1.2.3.4  foo
> > 
> > or short name first:
> > 
> > 1.2.3.4 foo foo.example.com
> > 
> > 
> > To sum this up - I think the patch is ready for review.
> 
> What's the status of this patch ?
> 
> Simo.
> 

All patches related to this topic has been reviewed, acked and pushed in
different thread named "[PATCH] 140 + 148 + 147 Hostname fixes".

Both relevant tickets has been fixed with these 3 patches:

https://fedorahosted.org/freeipa/ticket/1923
https://fedorahosted.org/freeipa/ticket/1931

But you are right that no information that the discussion continues
somewhere else was given here.

Martin

More information about the Freeipa-devel mailing list