[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Ovirt-devel] host-keyadd daemon



Right now the host-keyadd daemon and some of the python utility scripts
use kadmin.local to do things like create host principals for the ovirt
managed hosts.  This makes it so the ipa and ovirt servers need to be on
the same box.

I was thinking that it would make more sense to generate a keytab for the
ovirt mgmt host and grant that principal privileges to kadmin running on
the ipa server.  Then the ovirt daemons can use kadmin instead of
kadmin.local.

The developer install would just need to have a few more things scripted
to create the principal and keytab.  And we'd have to provide instructions
for doing this for the production install.

Is this the right path to go down, or should we be doing something else?
If people think this is reasonable, I'll make the changes.

Perry

-- 
|=-        Red Hat, Engineering, Emerging Technologies, Boston        -=|
|=-                     Email: pmyers redhat com                      -=|
|=-         Office: +1 412 474 3552   Mobile: +1 703 362 9622         -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]