[Ovirt-devel] ports and hostnames for the ovirt server

Simo Sorce ssorce at redhat.com
Thu Mar 27 21:00:27 UTC 2008


On Thu, 2008-03-27 at 13:31 -0700, David Lutterkort wrote:
> On Thu, 2008-03-27 at 15:27 +0000, Daniel P. Berrange wrote:
> > Name based virtual hosting breaks with Kerberos too, because the oVirt
> > server's CNAME will resolve to an IP, and then reverse resolve to a
> > different name. All services using Kerberos need real A records AFAICT
> 
> That is an extremely serious shortcoming in practice, since generally
> you should make the hostnames for any services CNAMEs so that you can
> move them around easily and transparently.

You can use CNAMEs all you want as long as they point to an A name and
that A name is what you use to create the http/fqdn at REALM service
principal.

When you move a service to another machine you generally do not move the
Kerberos credentials, but you use the new credentials of the new target
machine.

If something does not work in this context then it might be a client
bug.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
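
A simplified model of the name handling discussed in this thread, added here as an example and not taken from the post or from oVirt: the client follows the CNAME to the A name to build the service principal, and an optional reverse lookup reproduces the virtual-hosting mismatch Daniel describes. The zone data, realm, host names, keytab contents and function names are all constructed for illustration; real clients resolve through the system resolver and the Kerberos library.

```python
import copy

# Constructed records: example.com names and 192.0.2.0/24 addresses are placeholders.
ZONE = {
    "CNAME": {"ovirt.example.com": "host1.example.com",
              "wiki.example.com": "vhosts.example.com"},
    "A": {"host1.example.com": "192.0.2.10",
          "host2.example.com": "192.0.2.11",
          "vhosts.example.com": "192.0.2.20"},
    # Name-based virtual hosting: the PTR for the shared IP names a different host.
    "PTR": {"192.0.2.10": "host1.example.com",
            "192.0.2.11": "host2.example.com",
            "192.0.2.20": "web-farm.example.com"},
}

# Constructed keytab contents: each machine holds the principal for its own A name.
KEYTABS = {
    "host1.example.com": {"HTTP/host1.example.com@EXAMPLE.COM"},
    "host2.example.com": {"HTTP/host2.example.com@EXAMPLE.COM"},
    "vhosts.example.com": {"HTTP/vhosts.example.com@EXAMPLE.COM"},
}

def canonical_a_name(name, zone, max_hops=8):
    """Follow the CNAME chain until a name that owns an A record is reached."""
    for _ in range(max_hops):
        if name in zone["A"]:
            return name
        if name not in zone["CNAME"]:
            raise LookupError(f"no A or CNAME record for {name}")
        name = zone["CNAME"][name]
    raise LookupError("CNAME chain too long or looping")

def client_principal(service, name, realm, zone, reverse=False):
    """Principal a client would request for `name` in this model."""
    host = canonical_a_name(name, zone)
    if reverse:  # extra PTR step: the point where virtual hosting breaks
        host = zone["PTR"].get(zone["A"][host], host)
    return f"{service}/{host}@{realm}"

def ticket_usable(service, name, realm, zone, reverse=False):
    """True if the machine behind `name` holds a key for the requested principal."""
    target = canonical_a_name(name, zone)
    wanted = client_principal(service, name, realm, zone, reverse)
    return wanted in KEYTABS.get(target, set())

def move_service(zone, alias, new_host):
    """Repoint the CNAME; the new machine already has its own credentials."""
    moved = copy.deepcopy(zone)
    moved["CNAME"][alias] = new_host
    return moved
```

In MIT Kerberos the reverse-lookup step in this model corresponds to the `rdns` option in the `[libdefaults]` section of `krb5.conf`.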



