On Fri, May 28, 2010 at 10:02 AM, Stjepan Gros <sg...@zemris.fer.hr> wrote:
> Hi!
> I have a simple question regarding adding hosts in Kerberos when hosts
> are dynamically assigned IP addresses and registered to DNS. In such
> cases, ipa-addservice complains that host has to have A record in DNS
> and doesn't want to add new principal.
> So, there are two choices:
> 1. temporarily add DNS records, run ipa-addservice, and remove DNS
> records, or
> 2. connect PC to network in order for host to receive IP address and
> register with DNS, and then run ipa-addservice
> Unfortunately, my situation is such that option 2 isn't possible, and
> option 1 seems more like a hack than something systematic.
> So, is there a third option?
> Stjepan
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

I haven't even installed FreeIPA yet, so someone somewhere probably
already addressed this. Consider these 4 random thoughts:

Why not use an offline IP address and an online IP address?
If a host's normal online address is,
a host's offline IP address is
Actually, offline address is traditionally
Does ipa-addservice work when the dns entry is
Does ipa-addservice work when multiple hosts have the same zero ip

Some systems pull DNS info from LDAP (pdns-ldap
http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend).  So
even if the DNS entries are not all there, a precreated ldap entry
could exist.  Maybe the --force option does this.

ipa-addservice could use UUID / GUID entries instead of IP addresses.

If the clients are powered on and connected to the internet but not
your LAN, then a secondary remotely accessible virtual IP may help,
but there is likely a chicken and egg problem at this point.
