On 2017-05-31 10:54, Sumit Bose via FreeIPA-users wrote:
Why isn't 'ipa host-mod' sufficient? You can e.g. call it directly after
ipa-client-install to the set flag is needed?
You got me wrong. It is sufficient. My answer was referring to "Imo it
would not be a good idea to enable it by default. Since delegation means
that your full TGT is forwarded the target host should really be trusted
because otherwise someone with e.g. physical access to the host might be
able to steal the TGT and use it as long as the ticket is valid."
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org