On Mon, 2009-12-07 at 23:21 -0500, Rob Crittenden wrote:
> Make the IPA server host and its services "real" IPA entries
>
> We use kadmin.local to bootstrap the creation of the Kerberos principals
> for the IPA server machine: host, HTTP and ldap. This works fine and has
> the side-effect of protecting the services from modification by an admin
> (which would likely break the server).
>
> Unfortunately this also means that the services can't be managed by
> useful utilities such as certmonger. So we have to create them as "real"
> services instead.
>
> This is a relatively manual process so if the schema for hosts or
> services changes this may require updates as well.
>
> There remains a minor problem. If you create a replica, during the
> installation of that replica it will create host and service entries
> too. But if you retire this replica those entries will remain. The next
> time you try to install the replica it will fail with duplicate entries.
> I'll address this in the future as the easy workaround is to run
> `ipa host-del replica.example.com` and re-install the replica.
>
> rob
ack. pushed to master.