[Freeipa-users] IPA & hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

Fri Mar 2 14:11:31 UTC 2012

On Fri, 2012-03-02 at 08:10 -0500, Stephen Gallagher wrote:
> On Fri, 2012-03-02 at 05:16 +0300, Craig T wrote:
> > Hi,
> > 
> > Server Side:
> > RHEL6.2
> > ipa-admintools-2.1.3-9.el6.x86_64
> > ipa-client-2.1.3-9.el6.x86_64
> > ipa-pki-ca-theme-9.0.3-7.el6.noarch
> > ipa-pki-common-theme-9.0.3-7.el6.noarch
> > ipa-python-2.1.3-9.el6.x86_64
> > ipa-server-2.1.3-9.el6.x86_64
> > ipa-server-selinux-2.1.3-9.el6.x86_64
> > 
> > 
> > Client Side Config:
> > Centos 6.2
> > ipa-client-2.1.3-9.el6.x86_64
> > ipa-python-2.1.3-9.el6.x86_64
> > 
> > 
> > Issue:
> > IPA (via sssd) requires that a hostname (as returned by the `hostname`
> > commmand) be fully qualified.
> > 
> > This requirement has caused us no end of grief due to ripple effects not
> > related to IPA, it breaks other software we use which expects hostname
> > to be not fully qualified.
> > 
> > We don't understand why IPA & sssd require that a machine's hostname be
> > fully qualified when `hostname --fqdn` can be used instead?
> > 
> > In our case we had hostname setup to be the machine name as in:
> > 
> > # hostname
> > foo
> > # dnsdomainname
> > bar.com.au
> > # hostname --fqdn
> > foo.bar.com.au
> > 
> > Why doesn't IPA & SSD use the value returned by `hostname --fqdn`?
> > 
> > Why must `hostname` itself be fully qualified when `hostname --fqdn` is
> > available?
> 
> I think this requirement is only in place during ipa-client-install.
> sssd.conf has an option 'ipa_hostname=foo.bar.com.au' which it will use
> regardless of the value that 'hostname' returns.
> 
> Is there some other place I'm missing? If so, that's probably a bug and
> should be reported as such.

There are kerberized programs that expect to use gethostname() and use
that name to compose principals. If that name is not fully qualified
they will break.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York