On Mon, 13 Nov 2017, Harald Dunkel wrote:
Hi Alex,

On Fri, 10 Nov 2017 16:59:07 +0200
Alexander Bokovoy via FreeIPA-users <freeipa-users@lists.fedorahosted.org> 
wrote:

On Fri, 10 Nov 2017, Harald Dunkel via FreeIPA-users wrote:
>
>ipa-getkeytab failed with
>
>    Failed to parse result: PrincipalName not found.
>
>I would have expected it to create the principal on the fly.
ipa-getkeytab does not create a principal. It creates a key for an existing
principal.


Do you think a one-shot solution could be implemented? I mean, the
whole ipa-client-install can be run remotely, using just a single
command line. That's great. It would be pretty cool if a service
principal and the appropriate keytab file entry could be created
within one step as well.
You can implement that yourself since IPA CLI is always part of the
rpms/debs where ipa-client-install is located. However, we would
probably avoid adding this by default because we try to keep actions
separated: adding an object to IPA and enrolling an existing object are
two distinct actions from a security point of view and we'd like to keep
it this way.

There is a ticket for a future release to allow users to have a quota on
objects they could create themselves (say, up to 10 hosts). We aren't
there yet.
--
/ Alexander Bokovoy
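
The do-it-yourself wrapper suggested in the reply above, sketched as an added example that is not part of the original thread and not FreeIPA project code. The function names, the `DRY_RUN` variable and any hostnames passed to it are hypothetical; it assumes the caller already holds a Kerberos ticket for a user permitted to add services, and it keeps "add the object" and "create keys for the existing object" as two separate, visible steps.

```shell
#!/bin/sh
# Added example: create a service principal, then fetch its keytab, as two
# explicit steps. All names below are hypothetical helpers, not IPA commands,
# except the ipa, ipa-getkeytab and klist invocations themselves.

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only service/fqdn[@REALM]; reject anything that could be parsed
# as an option or that contains shell metacharacters.
valid_principal() {
    case "$1" in
        -*|*[!A-Za-z0-9._/@-]*) return 1 ;;
        */*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# provision_service PRINCIPAL IPA_SERVER KEYTAB_PATH
provision_service() {
    principal=$1 server=$2 keytab=$3
    valid_principal "$principal" || { echo "bad principal: $principal" >&2; return 2; }

    if [ "${DRY_RUN:-0}" != 1 ]; then
        # Both steps run with the caller's own ticket and its permissions.
        klist -s || { echo "no Kerberos ticket; run kinit first" >&2; return 3; }
    fi

    # Step 1: add the object to IPA (skipped when it already exists).
    if [ "${DRY_RUN:-0}" = 1 ] || ! ipa service-show "$principal" >/dev/null 2>&1; then
        run ipa service-add "$principal" || return 4
    fi

    # Step 2: create keys for the now-existing principal; keytab is owner-only.
    ( umask 077; run ipa-getkeytab -s "$server" -p "$principal" -k "$keytab" ) || return 5
}
```

Setting `DRY_RUN=1` before calling `provision_service` prints the two commands instead of running them, which makes the separation of the steps easy to review.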