[Freeipa-devel] [PATCH] 208 tighten integration of hosts and services
Rob Crittenden
rcritten at redhat.com
Wed May 13 18:17:12 UTC 2009
Jason Gerard DeRose wrote:
> On Fri, 2009-05-08 at 17:45 -0400, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> On Fri, 2009-05-08 at 15:49 -0400, Rob Crittenden wrote:
>>>>> Simo Sorce wrote:
>>>>>> On Fri, 2009-05-08 at 14:17 -0400, Rob Crittenden wrote:
>>>>>>> This patch more tightly couples services and hosts:
>>>>>>>
>>>>>>> - A host is required in order to create a service.
>>>>>> nack, assuming I understand what this mean :)
>>>>>> I think we need to be able to give out service keytabs and certificates
>>>>>> to non-enrolled hosts for a long time.
>>>>>> I am not sure it is a good idea to force someone to create a fake host
>>>>>> just to get a keytab/certificate.
>>>>> Define fake host. This doesn't force them to do an enrollment, just
>>>>> to create a host entry ala: ipa host-add foo.example.com.
>>>> Yes this is what I mean by fake host, and the problem is that you will
>>>> have host entries that are not enrolled.
>>>> It is a problem for reporting, it is also a problem for running things
>>>> like finding dead hosts.
>>>> I'd prefer not to have fake hosts if at all possible, it causes problems
>>>> in other areas.
>>>>
>>>> Simo.
>>> Ok, but I think fake is the wrong word to use for them. Unenrolled is
>>> more precise.
>> Attached is a revised patch. Simo already acked these pieces so I'll
>> push this to master.
>
> For what's it's worth, ack. ;)
>
pushed to master
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090513/6f8562d6/attachment.bin>
More information about the Freeipa-devel
mailing list