On 11 November 2016 at 13:23, Stephen Gallagher <sgall...@redhat.com> wrote:

>> I still believe we should stick to a generic hostname by default,
>> (though I'd rather use "localhost" than "localhost.localdomain" in
>> order to drop the redhatism that "localdomain" is), and make the IPA
>> client-side enrollment code automatically update to a more "unique"
>> hostname if the hostname is found to be unset or be "localhost".
>>
>> I am also pretty sure that DHCP clients should suppress sending local
>> hostname information if the local hostname is unset or "localhost".
>>
>
>
> I realize that some of this is coming from my old-school sensibilities, but I
> still remember a time when changing the hostname of a running system caused
> lots of things to fail, including NFS and sendmail.
>
> Changing the enrolling code to modify the machine's hostname would be very
> unexpected from an end-user perspective, don't you think?
>

Doesn't an AD environment do that though through group policies? I can
call my machine 'screw-the-boss' and after it gets registered into the
AD it becomes whatever the corporate policy says it will be
'windows-1138' [Or at least the place I had AD had something in their
system to do that so that students who thought that having hostnames
of curse words or worse couldn't keep them if they enrolled the system
into AD]

And yes certain things might fail because the hostname changes.. but
you restart them or reboot. We all like rebooting don't we :)?

>
>
>>> * I like Zbigniew and Lennart's thoughts on how to generate the "random"
>>> suffix. The implementation I'd likely use is to take the first eight
>>> characters of an md5 (or SHA) hash of /etc/machine-id and use those. That
>>> should make it both repeatable and unique.
>>
>> Please do not use MD5 anymore. And please calculate your ID as
>>
>>        SHA(x || k)
>>
>
> See child reply. I was trying to spare us some entropy during early setup,
> but I can't think of any reason this needs to be any more complicated than
> something fed from /dev/random if we aren't going to try to generate it early
> in the install process.

Just use /dev/urandom. If you use /dev/random then someone is going to
assume you meant it to be cryptographically secure and come up with a
method which is better.





-- 
Stephen J Smoogen.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
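
The repeatable suffix discussed in the quoted text, sketched as an added example that is not part of the original thread or any Fedora code. It assumes x is the content of /etc/machine-id, k is a fixed application-specific constant, SHA means SHA-256, and the "fedora" prefix and all function names are hypothetical.

```python
import hashlib
import re

# Assumption: a fixed, application-specific constant standing in for "k".
APP_KEY = b"example.hostname-suffix.v1"
# Hostnames treated as "unset or generic" (both forms named in the thread).
GENERIC_HOSTNAMES = {"", "localhost", "localhost.localdomain"}
MACHINE_ID_RE = re.compile(r"[0-9a-f]{32}")


def read_machine_id(path="/etc/machine-id"):
    """Return the machine ID as a 32-character lowercase hex string."""
    with open(path, encoding="ascii") as fh:
        return fh.read().strip()


def derive_suffix(machine_id, key=APP_KEY, length=8):
    """First `length` hex characters of SHA-256(x || k).

    Hashing the ID together with a key keeps the suffix repeatable per
    machine without putting the raw machine-id into the hostname.
    """
    if not MACHINE_ID_RE.fullmatch(machine_id):
        raise ValueError("machine-id must be 32 lowercase hex characters")
    digest = hashlib.sha256(machine_id.encode("ascii") + key).hexdigest()
    return digest[:length]


def pick_hostname(current, machine_id, prefix="fedora"):
    """Replace only an unset or generic hostname; keep an admin-chosen one."""
    if current.strip().lower() not in GENERIC_HOSTNAMES:
        return current
    return f"{prefix}-{derive_suffix(machine_id)}"


if __name__ == "__main__":
    import socket
    print(pick_hostname(socket.gethostname(), read_machine_id()))
```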
