[Freeipa-devel] [PATCH] 208 tighten integration of hosts and services
Jason Gerard DeRose
jderose at redhat.com
Mon May 11 23:04:48 UTC 2009
On Fri, 2009-05-08 at 17:45 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Simo Sorce wrote:
> >> On Fri, 2009-05-08 at 15:49 -0400, Rob Crittenden wrote:
> >>> Simo Sorce wrote:
> >>>> On Fri, 2009-05-08 at 14:17 -0400, Rob Crittenden wrote:
> >>>>> This patch more tightly couples services and hosts:
> >>>>>
> >>>>> - A host is required in order to create a service.
> >>>> nack, assuming I understand what this mean :)
> >>>> I think we need to be able to give out service keytabs and certificates
> >>>> to non-enrolled hosts for a long time.
> >>>> I am not sure it is a good idea to force someone to create a fake host
> >>>> just to get a keytab/certificate.
> >>> Define fake host. This doesn't force them to do an enrollment, just
> >>> to create a host entry ala: ipa host-add foo.example.com.
> >>
> >> Yes this is what I mean by fake host, and the problem is that you will
> >> have host entries that are not enrolled.
> >> It is a problem for reporting, it is also a problem for running things
> >> like finding dead hosts.
> >> I'd prefer not to have fake hosts if at all possible, it causes problems
> >> in other areas.
> >>
> >> Simo.
> >
> > Ok, but I think fake is the wrong word to use for them. Unenrolled is
> > more precise.
>
> Attached is a revised patch. Simo already acked these pieces so I'll
> push this to master.
For what's it's worth, ack. ;)
More information about the Freeipa-devel
mailing list