Re: [Freeipa-users] Freeipa and FQDN requirement
On Mon, 25 Jul 2016, Ilan Green wrote: Thanks, The issue per customer is having loads of legacy applications programmed to use short host names - it will be cumbersome to fix it What Petr asked about is to not host IPA server on the same machine as those legacy apps. Have IPA servers separate from legacy apps. There is no need to rename all legacy hosts but there is also no need to have IPA master hosted on the same machine as any of those legacy hosts. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Freeipa and FQDN requirement
Thanks, The issue per customer is having loads of legacy applications programmed to use short host names - it will be cumbersome to fix it Ilan Green Senior Technical Account Manager - EMEA Red Hat Mobile (+972) 52 3403218 email: igr...@redhat.com - Original Message - > From: "Petr Spacek" > To: freeipa-users@redhat.com > Sent: Monday, July 25, 2016 4:01:39 PM > Subject: Re: [Freeipa-users] Freeipa and FQDN requirement > On 25.7.2016 14:49, Ilan Green wrote: > > Hello, > > Customer wants to switch between the IPA server FQDN and short name in > > /etc/hosts (having the short name first) post IPA install? > > > > Can anyone please confirm that the suggestions & reservations listed by > > Simo Sorce in the following thread still apply - i.e. no RFE was ever > > applied yet? > > https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00079 > > > > mainly: > > https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00104 > > https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00105 > This might or might not work, we do not test this scenario. > In any case it goes directly against procedures in official docs: > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#dns-reqs > ... so do not be surprised if things break. > In general we strongly recommend to use a dedicated machine for IdM server > for > security reasons. There should be no technical reason not to use FQDN > hostname > for a dedicated VM as the requirement for short names as hostname usually > comes from crappy applications. > -- > Petr^2 Spacek > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Freeipa and FQDN requirement
On 25.7.2016 14:49, Ilan Green wrote: > Hello, > Customer wants to switch between the IPA server FQDN and short name in > /etc/hosts (having the short name first) post IPA install? > > Can anyone please confirm that the suggestions & reservations listed by Simo > Sorce in the following thread still apply - i.e. no RFE was ever applied yet? > https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00079 > > mainly: > https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00104 > https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00105 This might or might not work, we do not test this scenario. In any case it goes directly against procedures in official docs: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#dns-reqs ... so do not be surprised if things break. In general we strongly recommend to use a dedicated machine for IdM server for security reasons. There should be no technical reason not to use FQDN hostname for a dedicated VM as the requirement for short names as hostname usually comes from crappy applications. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Freeipa and FQDN requirement
Hello, Customer wants to switch between the IPA server FQDN and short name in /etc/hosts (having the short name first) post IPA install? Can anyone please confirm that the suggestions & reservations listed by Simo Sorce in the following thread still apply - i.e. no RFE was ever applied yet? https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00079 mainly: https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00104 https://www.redhat.com/archives/freeipa-users/2014-August/thread.html#00105 Thanks, Ilan Green Senior Technical Account Manager - EMEA Red Hat Mobile (+972) 52 3403218 email: igr...@redhat.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project