On 09/04/2013 09:26 AM, Petr Spacek wrote:
> On 4.9.2013 15:04, Bret Wortman wrote:
>> What's the right venue for making a suggestion? In particular, I'd
>> like to
>> toss out there that it would be really nice to be able to export, at a
>> minimum, DNS and user data from IPA in the form of a zone file and a
>> passwd/shadow file pair.
>> I realize there might be security implications to the latter, and
>> out passwords might be advisiable. And there's no easy way,
>> necessarily, to
>> get out sudo information. But having DNS and user details would at least
>> permit a sysadmin having major issues (like I have been for the past two
>> weeks) to get up and running in some form, using puppet or some other
>> to distribute flat files with named running against a static zone
>> file, or
>> even to migrate off IPA if absolutely necessary.
> for DNS you can use normal zone transfer. Just configure IPA zone to
> allow zone transfer to an IP address (localhost means 'localy to IPA
> server') and use standard DNS tools, e.g. dig:
> $ ipa dnszone-mod example.com --allow-transfer='localhost;'
> $ dig +onesoa -t AXFR example.com > /root/example.com.db
> That is all you need for DNS, you have the standard zone file.
> I believe that you can use SSSD (with enumeration enabled) to run
> "getent passwd > /root/passwd.bck". I have no idea how it works with
> shadow map/password. Try to ask sssd-us...@lists.fedorahosted.org.
And to add to it:
IPA does not keep password in clear or the hashes that are used in
passwd and shadow files for security reasons so it can't generate these
files as you suggest.
It is unclear what the problems are that you are facing and what made
you get back to local files.
I agree with Petr that SSSD has a lot of bells and whistles to make your
client experience smooth and help you recover from any server side
problems you might have.
But may be we are missing something and there is something we can do.
If you can describe the problem you are facing we might be able to
suggest a solution.
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list