Yes Dmitri these two hints would definitely help, the servers are not 4.x
yet though.
On 19 September 2014 23:14, Dmitri Pal d...@redhat.com wrote:
On 09/19/2014 04:03 PM, Walid wrote:
Thank you all, will investigate the requirements of host keytabs, and if
there is a way around it by
On 09/19/2014 04:03 PM, Walid wrote:
Thank you all, will investigate the requirements of host keytabs, and
if there is a way around it by having it shared but secure for our
context.
Couple hints.
1. If you have a keytab stashed and the system was rebuilt you can now
rerun
Thank you all, will investigate the requirements of host keytabs, and if
there is a way around it by having it shared but secure for our context.
On 18 September 2014 23:04, Dmitri Pal d...@redhat.com wrote:
On 09/18/2014 10:12 AM, Walid A. Shaari wrote:
Hi,
we are going to have a use
Hi,
we are going to have a use case of diskless HPC clients that will use the
IPA for lookups, I was wondering if i can get rid of the state-fulness of
the client configuration as much as possible as it is more of a cattle than
pets use case. that is i do not need to know that the client is part
Walid A. Shaari wrote:
Hi,
we are going to have a use case of diskless HPC clients that will use
the IPA for lookups, I was wondering if i can get rid of the
state-fulness of the client configuration as much as possible as it is
more of a cattle than pets use case. that is i do not need to
Great Rob, would that be still doable with RHEL5 and RHEL6 ipa 2, and 3
clients?
On 18 September 2014 17:43, Rob Crittenden rcrit...@redhat.com wrote:
Walid A. Shaari wrote:
Hi,
we are going to have a use case of diskless HPC clients that will use
the IPA for lookups, I was wondering if
On Thu, 18 Sep 2014 18:49:44 +0300
Walid A. Shaari walid.sha...@linux.com wrote:
Great Rob, would that be still doable with RHEL5 and RHEL6 ipa 2, and
3 clients?
The X509 certificate has always been provided as a commodity but never
required.
Keytabs are the only thing we require.
Simo.
--
Walid A. Shaari wrote:
Great Rob, would that be still doable with RHEL5 and RHEL6 ipa 2, and 3
clients?
Sure, the cert isn't used anyway but it isn't optional to have
certmonger try to get one.
If you really care you can run a command to tell certmonger to stop
tracking the cert though:
#
hi,
On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote:
Yes, you don't need to obtain a machine certificate. In fact we have
stopped doing this upstream.
Do you mean ipa will not have a CA in the future? Or will it be optional?
Or am I misunderstanding this :-) ? I
On Thu, 18 Sep 2014, Natxo Asenjo wrote:
hi,
On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote:
Yes, you don't need to obtain a machine certificate. In fact we have
stopped doing this upstream.
Do you mean ipa will not have a CA in the future? Or will it be
Natxo Asenjo wrote:
hi,
On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Yes, you don't need to obtain a machine certificate. In fact we have
stopped doing this upstream.
Do you mean ipa will not have a CA in the future?
On 09/18/2014 10:12 AM, Walid A. Shaari wrote:
Hi,
we are going to have a use case of diskless HPC clients that will use
the IPA for lookups, I was wondering if i can get rid of the
state-fulness of the client configuration as much as possible as it is
more of a cattle than pets use case.
hi,
On Thu, Sep 18, 2014 at 9:05 PM, Rob Crittenden rcrit...@redhat.com wrote:
Natxo Asenjo wrote:
hi,
On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Yes, you don't need to obtain a machine certificate. In fact we have
Natxo Asenjo wrote:
hi,
On Thu, Sep 18, 2014 at 9:05 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Natxo Asenjo wrote:
hi,
On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com
On Thu, Sep 18, 2014 at 10:51 PM, Rob Crittenden rcrit...@redhat.com
wrote:
Natxo Asenjo wrote:
ok. I was thinking on starting a pilot with dot1.x and hosts
certificates are usually used for this, so it would be nice to have a
cli switch during enrollment.
Ok, do you have a preference
15 matches
Mail list logo