On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
FreeIPA is awesome.
Please point me to any docs, if
On 05/23/2014 06:42 AM, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
FreeIPA is
On 05/23/2014 03:28 PM, Dmitri Pal wrote:
On 05/23/2014 06:42 AM, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in
Dmitri Pal wrote:
On 05/23/2014 06:42 AM, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that
On Fri, 2014-05-23 at 12:42 +0200, Martin Kosek wrote:
On 05/23/2014 07:01 AM, James wrote:
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
On Fri, 2014-05-23 at 09:28 -0400, Dmitri Pal wrote:
I guess the question is more:
If I am root is there any way to do the operation without providing
the
password but rather using something like LDAPI to drive the operation.
The issue is that if you use puppet there is no way to get the
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
we also
need to encypher the replica info package - and we cannot do that
without clear
text DM password.
The right way seems to be rather the RFE you filed:
On Fri, 2014-05-23 at 17:16 -0400, James wrote:
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
we also
need to encypher the replica info package - and we cannot do that
without clear
text DM password.
On Fri, May 23, 2014 at 7:49 PM, Simo Sorce s...@redhat.com wrote:
On Fri, 2014-05-23 at 17:16 -0400, James wrote:
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
we also
need to encypher the replica info package
On Fri, 2014-05-23 at 21:26 -0400, James wrote:
On Fri, May 23, 2014 at 7:49 PM, Simo Sorce s...@redhat.com wrote:
On Fri, 2014-05-23 at 17:16 -0400, James wrote:
On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
One cannot easily improve ipa-replica-prepare to work through LDAPI as
On Fri, 2014-05-23 at 22:50 -0400, Simo Sorce wrote:
No, but those need to be accessible to the user, I think you can
create
a meta-package that contains those password when you create the first
master, encrypted in a gpg file with private keys only stored in the
freeipa servers.
I do
On Fri, 2014-05-23 at 22:57 -0400, James wrote:
On Fri, 2014-05-23 at 22:50 -0400, Simo Sorce wrote:
No, but those need to be accessible to the user, I think you can
create
a meta-package that contains those password when you create the first
master, encrypted in a gpg file with private
I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
FreeIPA is awesome.
Please point me to any docs, if there is reading I could be doing :)
Here
13 matches
Mail list logo