[Freeipa-users] Rebuilding the failing original IPA master
Steven Jones
Steven.Jones at vuw.ac.nz
Wed Nov 7 20:50:39 UTC 2012
This is what Im setting up to do.
Thanks very much.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Thursday, 8 November 2012 9:30 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Rebuilding the failing original IPA master
Steven Jones wrote:
> Hi,
>
> Sorry but I get confused with all the terms, I think its simpler, I dont do certs nad have not as far as I know installed a CA. Except those for things like port 443 connections or winsync connections...which are just internal?
No worries, I'm just trying to avoid giving bad advice.
A CA is not optional with IPA. We use it to secure the XML-RPC interface
and initial replication agreements. You may not need additional cert
capabilities right now but the base IPA install does.
It won't be pleasant if you lose the ability to issue certificates. It
may be worthwhile running through the steps in a test set up to be sure
things work as outlined.
rob
More information about the Freeipa-users
mailing list