> The hostname put by ipa-client-install corresponds to the server to which this
> client is enrolled.  You enroll with a single server, after all.

How would one enroll with multiple IPA servers? For instance, a standard 
configuration for a Rocks HPC cluster is to have at least two and usually three 
networks active, with different DNS zones for each. The "public" network is 
"company.example.com", "private" is typically an isolated GbE network named 
"local", and there's usually a fast network for real work (Infiniband or 
10GbE); let's name it "ipoib" for IP over Infiniband. There may also be a slow 
100bT network for management.

A few machines have access to all three networks (headnode.company.example.com, 
headnode.local, and headnode.ipoib). Compute nodes have access to two 
(compute-0-0.local, compute-0-0.ipoib).

Is it possible to make a single IPA instance manage the two isolated networks 
(local and ipoib)? Would multiple IPA servers and multiple enrollments be 
required? Once an IPA solution is defined, how does one configure 
openssh/sssd/krb5 on the compute nodes such that Kerberos SSO (and NFS server 
access) works regardless of which isolated network is used for communication?
Would the compute nodes' two-network configuration be extensible to the 
headnode's three-network configuration?


This electronic message contains information generated by the USDA solely for 
the intended recipients. Any unauthorized interception of this message or the 
use or disclosure of the information it contains may violate the law and 
subject the violator to civil or criminal penalties. If you believe you have 
received this message in error, please notify the sender and delete the email 

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to