[Freeipa-users] Free IPA Client in Docker
Petr Spacek
pspacek at redhat.com
Mon May 2 06:48:23 UTC 2016
On 28.4.2016 20:14, Hosakote Nagesh, Pawan wrote:
> As a Follow up question I also wanted to know why is absolutely necessary for Kerberos Client to have hostname? Wont Client initiate the connection and FreeIPA server can take it from there.
> If so what is the need of FQDN for FreeIPA client at all?
FQDN is needed as a host identifier in cases where you need to use a keytab.
Kerberos Client could function without keytab but it could not host any
services and it would be less secure as the client could not verify KDC's
identity etc.
FreeIPA right now does not support keytab-less clients.
Does it answer your question?
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list