[Freeipa-devel] [PATCH] 208 tighten integration of hosts and services
Rob Crittenden
rcritten at redhat.com
Fri May 8 19:49:58 UTC 2009
Simo Sorce wrote:
> On Fri, 2009-05-08 at 14:17 -0400, Rob Crittenden wrote:
>> This patch more tightly couples services and hosts:
>>
>> - A host is required in order to create a service.
>
> nack, assuming I understand what this mean :)
> I think we need to be able to give out service keytabs and certificates
> to non-enrolled hosts for a long time.
> I am not sure it is a good idea to force someone to create a fake host
> just to get a keytab/certificate.
Define fake host. This doesn't force them to do an enrollment, just to
create a host entry ala: ipa host-add foo.example.com.
>> - When removing a host all services are removed.
>
> ack
>
>> - When a service is removed its certificate is revoked.
>
> ack
>
>> This makes removing a host a pretty destructive, irreversible act. I'm
>> working on a way to prompt the command-line user before executing the
>> command. That will come as a later patch.
>
> Yeah that would be nice.
>
> Simo.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090508/d5c42d3d/attachment.bin>
More information about the Freeipa-devel
mailing list