In large orginizations, hosts can sometimes be retired without following
procedures, etc, which leaves host objects in FreeIPA for hosts that no longer
exist.
Is there anyway to see when a host last checked in with FreeIPA? One could
then delete host objects which haven't connected in say 30/6
Nothing? No ideas?
How do large organizations with 1000s of hosts handle this?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
htt
Thanks for the response, François.
I'm somewhat surprised there isn't a way to determine both host and user
activity already.
For hosts, doesn't the Kerberos ticket have to be renewed on a regular basis?
Couldn't that timestamp be used?
___
FreeIPA-u
The best way to handle this is via a CloudWatch event that triggers a Lambda
when the EC2 is terminated to call the IPA REST API to remove the host.
No need for all the rigamorale you are doing.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedo
Howdy,
We are having intermittent login issues with our SSSD/IPA clients using
Identity Manager in a read-only cross-forest trust configuration.
The SSSD/IPA servers themselves don't seem to be having this issue, just the
SSSD/IPA clients using the IDM/IPA servers as their identity provider.
I
Howdy,
We are having intermittent login issues with our SSSD/IPA clients using
Identity Manager in a read-only cross-forest trust configuration.
The SSSD/IPA servers themselves don't seem to be having this issue, just the
SSSD/IPA clients using the IDM/IPA servers as their identity provider.
I
