On 2017-05-31 10:54, Sumit Bose via FreeIPA-users wrote:
[...] Why isn't 'ipa host-mod' sufficient? You can e.g. call it directly after ipa-client-install to the set flag is needed?
You got me wrong. It is sufficient. My answer was referring to "Imo it would not be a good idea to enable it by default. Since delegation means that your full TGT is forwarded the target host should really be trusted because otherwise someone with e.g. physical access to the host might be able to steal the TGT and use it as long as the ticket is valid."
_______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org