[Freeipa-devel] [PATCH] Initial Radius Work
Simo Sorce
ssorce at redhat.com
Sun Nov 4 15:34:39 UTC 2007
On Sun, 2007-11-04 at 00:09 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Sat, 2007-11-03 at 13:59 -0400, John Dennis wrote:
> >> + # FIXME: ldap_server should be derived, not hardcoded to
> >> localhost, also should it be a URL?
> >> + radius.create_instance(realm_name, host_name, 'localhost')
> >> +
> >
> > If at all possible, you should let ldap libraries use DNS discovery to
> > find the ldap server, and not force one on them. this will allow
> > automatic fallback eventually. Unells we want to tie a radiuserver to
> > the local master for some other reasons, in which case you must use
> > gethostname as you need the hostname of the server to get the right
> > kerberos ticket.
> >
>
> Well, considering that we do exactly the same thing throughout all the
> rest of IPA, I don't think this is really an issue. At this point it is
> a very safe assumption that the radius server IS installed on the same
> machine as FDS.
>
> This is, after all, in ipa-server-install which currently only does a
> bootstrap install of IPA.
>
> Perhaps a new bug needs to be filed to track this usage of localhost but
> I don't want to hold up John's patch for something we've all done.
not holding, just making a note.
it's ok for inclusion for me.
Simo.
More information about the Freeipa-devel
mailing list