[Freeipa-users] subjectAlternitiveName for webservice
Petr Spacek
pspacek at redhat.com
Fri Mar 6 14:31:13 UTC 2015
On 6.3.2015 15:13, Matt . wrote:
> Hi,
>
> But as the user is the same, I could use the same keytab for each ipa server ?
>
> I need to use the API indeed, so need to issue the http service.
>
> Any other options ?
I do not really understand your use case. Could you describe it in detail, please?
Petr^2 Spacek
> 2015-03-06 14:24 GMT+01:00 Petr Spacek <pspacek at redhat.com>:
>> On 6.3.2015 14:08, Martin Kosek wrote:
>>> I'm figuring out how to regenerate the webserver certificates so I can
>>> use a loadbalancer in front of my ipa servers.
>>
>> Are you talking about FreeIPA web interface? It is technically possible to use
>> load-balancer but it will be really hacky. You would have to solve
>> certificates and also distribute shared keytabs and so on.
>>
>> I would recommend you to use "something" which issues HTTP redirect to ipa
>> server 1/2/3/4/5 according to current state instead of using classical load
>> balancer on the network level. Normal HTTP redirect will not force you to mess
>> with certs and keytabs.
>>
>> --
>> Petr^2 Spacek
More information about the Freeipa-users
mailing list