[Freeipa-users] Freeipa and FQDN requirement
Petr Spacek
pspacek at redhat.com
Mon Jul 25 13:01:39 UTC 2016
On 25.7.2016 14:49, Ilan Green wrote:
> Hello,
> Customer wants to switch between the IPA server FQDN and short name in /etc/hosts (having the short name first) post IPA install?
>
> Can anyone please confirm that the suggestions & reservations listed by Simo Sorce in the following thread still apply - i.e. no RFE was ever applied yet?
> https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00079
>
> mainly:
> https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00104
> https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00105
This might or might not work, we do not test this scenario.
In any case it goes directly against procedures in official docs:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#dns-reqs
... so do not be surprised if things break.
In general we strongly recommend to use a dedicated machine for IdM server for
security reasons. There should be no technical reason not to use FQDN hostname
for a dedicated VM as the requirement for short names as hostname usually
comes from crappy applications.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list