[Freeipa-devel] What would break if loopback addresses were allowed for IPA server?
Martin Basti
mbasti at redhat.com
Thu Sep 22 11:28:30 UTC 2016
On 21.09.2016 12:01, Jan Pazdziora wrote:
> Hello,
>
> I've recently hit again the situation of IPA installer not happy
> about the provided IP address not being local to it, this time in
> containerized environment:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1377973
>
> During the discussion, we came to an interesting question:
>
> What would break if loopback addresses were allowed for IPA
> server?
>
> Of course, the idea is that it would only be used for installation and
> then IPA would change its IP address in DNS to whatever is the real IP
> address under which it is accessible.
>
> Where does the allow_loopback=False requirement in the installer come
> from and what would break if it was removed altogether?
>
> Thanks,
>
I'm not aware of anything that should prevent us from having just a loopback
address (installation without DNS) on the server. It is somehow weird to not
have any other unicast address assigned, but cloud world strikes.
IIRC in the past there might have been an issue with some services (KDC? not sure)
that cannot run only with a loopback address, but I don't think that this
is an issue nowadays.
This needs investigation, please file a ticket and we may allocate human
and time for this :)
Martin^2