Dear FreeIPA users,

I’m encountering an issue when cloning a virtual machine that is a FreeIPA 
client.

After cloning, I change both the IP address and the system hostname of the new 
VM. However, I noticed that the system can still authenticate users using the 
original FreeIPA keytab, even though the hostname has changed.

This seems incorrect, as I would expect the hostname in the keytab to match the 
system hostname. Yet, the new system continues to authenticate FreeIPA users as 
if it still had the old hostname.

My questions:

How can I ensure that a cloned VM with a new hostname and IP cannot continue to 
authenticate using the keytab from the original machine?

Is there a way to force a verification between the system hostname and the 
keytab’s principal? For example, if the hostname doesn't match the principal in 
the keytab, it should fail to connect or authenticate.

What is the recommended process when cloning a FreeIPA-enrolled VM to ensure 
proper cleanup or re-enrollment?

Thanks in advance for your help!

Best regards,
Diogène.
-- 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
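
Added example, not part of the original message and not FreeIPA project code: a shell check of the kind the second question asks about, comparing the `host/` principals listed by `klist -k` with the machine's FQDN. It only reports a mismatch (for a first-boot or monitoring job) and does not change how Kerberos or SSSD authenticate. The keytab path `/etc/krb5.keytab`, the function names and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example: detect a keytab whose host/ principal does not match this host.

# Read `klist -k` output on stdin; print the unique, lower-cased hostnames
# found in host/<fqdn>@REALM entries (one per line).
keytab_host_names() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^host\// {
            name = $2
            sub(/^host\//, "", name)   # drop the service component
            sub(/@.*$/, "", name)      # drop the realm
            print tolower(name)
        }' | sort -u
}

# Usage: klist -k KEYTAB | check_keytab_hostname FQDN
# Returns 0 if every host/ principal matches FQDN, 1 on any mismatch,
# 2 if the keytab holds no host/ principal at all.
check_keytab_hostname() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    names=$(keytab_host_names)
    if [ -z "$names" ]; then
        echo "no host/ principal found in keytab" >&2
        return 2
    fi
    status=0
    for n in $names; do
        if [ "$n" != "$fqdn" ]; then
            echo "MISMATCH: keytab holds host/$n, system hostname is $fqdn" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample of `klist -k` output from a clone that kept the
# original machine's keytab (hostnames and realm are made up).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   1 host/original.example.test@EXAMPLE.TEST
   1 host/original.example.test@EXAMPLE.TEST'

# Live check against the real keytab (needs read access, usually root):
#   sh check.sh --live [/path/to/keytab]
if [ "${1:-}" = "--live" ]; then
    klist -k "${2:-/etc/krb5.keytab}" | check_keytab_hostname "$(hostname -f)"
fi
```
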
