Hi,

But as the user is the same, I could use the same keytab for each ipa server ?

I need to use the API indeed, so need to issue the http service.

Any other options ?



2015-03-06 14:24 GMT+01:00 Petr Spacek <pspa...@redhat.com>:
> On 6.3.2015 14:08, Martin Kosek wrote:
>> I'm figuring out how to regenerate the webserver certificates so I can
>> use a loadbalancer in front of my ipa servers.
>
> Are you talking about FreeIPA web interface? It is technically possible to use
> load-balancer but it will be really hacky. You would have to solve
> certificates and also distribute shared keytabs and so on.
>
> I would recommend you to use "something" which issues HTTP redirect to ipa
> server 1/2/3/4/5 according to current state instead of using classical load
> balancer on the network level. Normal HTTP redirect will not force you to mess
> with certs and keytabs.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to