On 03/15/2010 01:02 PM, Nathan Blackham wrote: > I am trying to use kerberos all around, but I am looking at fall back > methods. Also looking at automation of bringing up new build nodes. It > seems easier to have the automation with certificates, but that is just > after an initial look.
I was about to write that on the koji side it's all equal work, though depending on your situation creating a host ssl key might be easier then creating a krb host principal (if for example, you aren't a kerberos admin). However, I realized that setting the krb_principal for the host entry in the db might be a slight hassle. While the addHost call supports specifying it, the cli command doesn't handle that optional arg. (I think I'll fix that now). Even so, the code still sets a default krb_principal for the host based on the HostPrincipalFormat hub config option and its hostname. If you still to a standard naming scheme this should allow automation. Plus if you really need to, you could call addHost via the call subcommand to specify that third arg. That being said -- are you bringing so many hosts online that human intervention is really a barrier? I'm curious why you need this. -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
