Hi, But as the user is the same, I could use the same keytab for each ipa server ?
I need to use the API indeed, so need to issue the http service. Any other options ? 2015-03-06 14:24 GMT+01:00 Petr Spacek <pspa...@redhat.com>: > On 6.3.2015 14:08, Martin Kosek wrote: >> I'm figuring out how to regenerate the webserver certificates so I can >> use a loadbalancer in front of my ipa servers. > > Are you talking about FreeIPA web interface? It is technically possible to use > load-balancer but it will be really hacky. You would have to solve > certificates and also distribute shared keytabs and so on. > > I would recommend you to use "something" which issues HTTP redirect to ipa > server 1/2/3/4/5 according to current state instead of using classical load > balancer on the network level. Normal HTTP redirect will not force you to mess > with certs and keytabs. > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project