On 28.4.2016 20:14, Hosakote Nagesh, Pawan wrote: > As a Follow up question I also wanted to know why is absolutely necessary for > Kerberos Client to have hostname? Wont Client initiate the connection and > FreeIPA server can take it from there. > If so what is the need of FQDN for FreeIPA client at all?
FQDN is needed as a host identifier in cases where you need to use a keytab. Kerberos Client could function without keytab but it could not host any services and it would be less secure as the client could not verify KDC's identity etc. FreeIPA right now does not support keytab-less clients. Does it answer your question? -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project