[Freeipa-devel] [DESIGN] IPA client in AD DNS domain
Alexander Bokovoy
abokovoy at redhat.com
Tue May 24 13:32:34 UTC 2016
On Tue, 24 May 2016, Simo Sorce wrote:
>On Tue, 2016-05-24 at 10:44 +0300, Alexander Bokovoy wrote:
>> >Alternative technical approach is to add aliases to an host's
>> attribute and
>> >use it from there. I suspect that this would be less flexible and
>> less
>> >future-proof.
>
>> I don't see a need for alias-as-a-property. Instead, I'm interested in
>> having a possibility to have different keys, certificates, etc, on
>> objects used as aliases. This improves security position by splitting
>> the manager and the user of the resource.
>
>Can you elaborate on this ?
>Are you misusing the "alias" word here to just mean "host that have
>multiple identities" like clusters/load ballancers/proxies etc... ?
Precisely.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list