On Fri, 2014-05-23 at 09:28 -0400, Dmitri Pal wrote: > I guess the question is more: > If I am root is there any way to do the operation without providing > the > password but rather using something like LDAPI to drive the operation. > The issue is that if you use puppet there is no way to get the > password > dynamically from some kind of source without baking it into the > scripts. > Baking passwords into scripts is bad so to avoid it there needs to be > a > way for root to install replica without it. I am not sure it is > currently possible though.
This is correct... It makes sense to me that there could be some way to do it without actually knowing the plain-text password as long as there is an existing secure channel to the new host. More on this in another mail...
Description: This is a digitally signed message part
_______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel