On Wed, 08 Nov 2017, Pascal Ernster via FreeIPA-users wrote:
> [2017-11-07 14:50] Alexander Bokovoy via FreeIPA-users:
>> If they all have the same hostname, you are better to enroll and share
>> keytab across all configurations. To do so, enroll first time and then
>> specify /etc/krb5.keytab from that installation with ipa-client-install
>> -k option. See ipa-client-install man page for more details.
>
> Thanks for the advice. Would the kerberos keytab and the SSH host keys
> be the only possible/likely causes for problems?

The only thing that would be common to all these machines is LDAP object
for the machine. It is indexed by the hostname, so having the same
hostname means sharing that LDAP object and all its attributes,
including Kerberos key.

You can have multiple SSHFP entries for the same host, this is normal.

> Please note that I run FreeIPA with external nameservers, on which I
> added the necessary DNS entries for the FreeIPA servers manually. The
> FreeIPA client machines only have their respective A/AAAA records (and
> the corresponding reverse DNS records, of course).

How DNS is managed is irrelevant here.

--
/ Alexander Bokovoy