Re: [Freeipa-users] TLSA records in FreeIPA

2013-09-25 Thread Christian Horn
On Tue, Sep 24, 2013 at 11:23:29AM -0600, Erinn Looney-Triggs wrote: I wanted to bring up the idea of integrating TLSA records into FreeIPA so that a host that is issued a certificate for, say, the web server (via dogtag) would also publish that information in DNS using a TLSA record. This is

Re: [Freeipa-users] zeroconf/bonjour FreeIPA

2013-09-25 Thread Petr Spacek
On 25.9.2013 08:20, Christian Horn wrote: On Tue, Sep 24, 2013 at 11:23:29AM -0600, Erinn Looney-Triggs wrote: I wanted to bring up the idea of integrating TLSA records into FreeIPA so that a host that is issued a certificate for, say, the web server (via dogtag) would also publish that

Re: [Freeipa-users] zeroconf/bonjour FreeIPA

2013-09-25 Thread Christian Horn
On Wed, Sep 25, 2013 at 08:52:53AM +0200, Petr Spacek wrote: On 25.9.2013 08:20, Christian Horn wrote: Hm.. another nice idea would be to announce services via zeroconf/bonjour. I guess effectively it's the same as having clients search in DNS who offers service XYZ which we already do for

Re: [Freeipa-users] zeroconf/bonjour FreeIPA

2013-09-25 Thread Jakub Hrozek
On Wed, Sep 25, 2013 at 09:07:17AM +0200, Christian Horn wrote: On Wed, Sep 25, 2013 at 08:52:53AM +0200, Petr Spacek wrote: On 25.9.2013 08:20, Christian Horn wrote: Hm.. another nice idea would be to announce services via zeroconf/bonjour. I guess effectively it's the same as having

Re: [Freeipa-users] zeroconf/bonjour FreeIPA

2013-09-25 Thread Alexander Bokovoy
On Wed, 25 Sep 2013, Christian Horn wrote: On Wed, Sep 25, 2013 at 08:52:53AM +0200, Petr Spacek wrote: On 25.9.2013 08:20, Christian Horn wrote: Hm.. another nice idea would be to announce services via zeroconf/bonjour. I guess effectively it's the same as having clients search in DNS who

Re: [Freeipa-users] zeroconf/bonjour FreeIPA

2013-09-25 Thread Christian Horn
On Wed, Sep 25, 2013 at 10:43:16AM +0300, Alexander Bokovoy wrote: Before adding support for this in FreeIPA it is worth seeing if any of supposed clients would already have it supported. I was more having in mind to announce services that IPA learns about automatically, but the server

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Jan Cholasta
On 25.9.2013 10:17, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander Bokovoy wrote: On Tue, 24 Sep 2013, Alexandre Ellert wrote: Hi, I've successfully set up a testing environment with an IPA server (RHEL 6.4) and a cross realm trust with my Active Directory (Win2008 R2). Authentication

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Alexander Bokovoy
On Wed, 25 Sep 2013, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander Bokovoy wrote: On Tue, 24 Sep 2013, Alexandre Ellert wrote: Hi, I've successfully set up a testing environment with an IPA server (RHEL 6.4) and a cross realm trust with my Active Directory (Win2008 R2). Authentication

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Martin Kosek
On 09/25/2013 10:30 AM, Alexander Bokovoy wrote: On Wed, 25 Sep 2013, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander Bokovoy wrote: On Tue, 24 Sep 2013, Alexandre Ellert wrote: Hi, I've successfully set up a testing environment with an IPA server (RHEL 6.4) and a cross realm trust

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Sumit Bose
On Wed, Sep 25, 2013 at 10:17:04AM +0200, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander Bokovoy wrote: On Tue, 24 Sep 2013, Alexandre Ellert wrote: Hi, I've successfully set up a testing environment with an IPA server (RHEL 6.4) and a cross realm trust with my Active Directory

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Alexander Bokovoy
On Wed, 25 Sep 2013, Sumit Bose wrote: On Wed, Sep 25, 2013 at 10:17:04AM +0200, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander Bokovoy wrote: On Tue, 24 Sep 2013, Alexandre Ellert wrote: Hi, I've successfully set up a testing environment with an IPA server (RHEL 6.4) and a cross

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Sumit Bose
On Wed, Sep 25, 2013 at 12:01:38PM +0300, Alexander Bokovoy wrote: On Wed, 25 Sep 2013, Sumit Bose wrote: On Wed, Sep 25, 2013 at 10:17:04AM +0200, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander Bokovoy wrote: On Tue, 24 Sep 2013, Alexandre Ellert wrote: Hi, I've successfully

Re: [Freeipa-users] Where should new clients register?

2013-09-25 Thread Martin Kosek
On 09/25/2013 05:32 PM, Bret Wortman wrote: Does it make a difference which replica (or master) a new client registers with? I've traditionally tried to match them up with the closest ones, but if it doesn't make any real difference, I'll just grab whoever answers first and be done with it.

Re: [Freeipa-users] IPA Query Tuning and a Recovery Question

2013-09-25 Thread Charlie Derwent
On Mon, Sep 16, 2013 at 3:21 PM, Rob Crittenden rcrit...@redhat.com wrote: Rich Megginson wrote: On 09/16/2013 03:21 AM, Charlie Derwent wrote: Hi Update on the errors kinit charlesd kinit: Generic error (see e-text) while getting initial credentials krb5kdc.log - LOOKING_UP_CLIENT:

Re: [Freeipa-users] Cross-realm trust with AD and ssh keys management

2013-09-25 Thread Dmitri Pal
On 09/25/2013 06:34 AM, Martin Kosek wrote: On 09/25/2013 11:15 AM, Sumit Bose wrote: On Wed, Sep 25, 2013 at 12:01:38PM +0300, Alexander Bokovoy wrote: On Wed, 25 Sep 2013, Sumit Bose wrote: On Wed, Sep 25, 2013 at 10:17:04AM +0200, Martin Kosek wrote: On 09/24/2013 04:40 PM, Alexander