[Freeipa-devel] Understanding FreeIPA replica internals

James purpleidea at gmail.com
Fri May 23 21:09:08 UTC 2014


On Fri, 2014-05-23 at 09:28 -0400, Dmitri Pal wrote:
> I guess the question is more:
> If I am root is there any way to do the operation without providing the
> password but rather using something like LDAPI to drive the operation.
> The issue is that if you use puppet there is no way to get the password
> dynamically from some kind of source without baking it into the scripts.
> Baking passwords into scripts is bad so to avoid it there needs to be a
> way for root to install replica without it. I am not sure it is
> currently possible though.

This is correct... It makes sense to me that there could be some way to
do it without actually knowing the plain-text password as long as there
is an existing secure channel to the new host. More on this in another
mail...
