On Fri, 2014-05-23 at 09:28 -0400, Dmitri Pal wrote:
> I guess the question is more:
> If I am root is there any way to do the operation without providing
> the 
> password but rather using something like LDAPI to drive the operation.
> The issue is that if you use puppet there is no way to get the
> password 
> dynamically from some kind of source without baking it into the
> scripts.
> Baking passwords into scripts is bad so to avoid it there needs to be
> a 
> way for root to install replica without it. I am not sure it is 
> currently possible though.

This is correct... It makes sense to me that there could be some way to
do it without actually knowing the plain-text password as long as there
is an existing secure channel to the new host. More on this in another

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-devel mailing list

Reply via email to