On Fri, 2014-08-08 at 14:39 -0600, Rich Megginson wrote:
> On 08/08/2014 02:35 PM, Simo Sorce wrote:
> > On Fri, 2014-08-08 at 10:09 -0600, Rich Megginson wrote:
> >> On 08/08/2014 08:57 AM, brendan kearney wrote:
> >>> Kerberos is dependent on A records in dns. The instance (as in
> >>> principal
On Fri, 2014-08-08 at 15:16 -0400, brendan kearney wrote:
> Maybe I am reading too far into rfc 1178, but I hardly think making
> hostnames required to be fqdns is in anybody's interest. It is not a
> requirement now in any other technology anywhere, so what is the impetus to
> push it? I don't see
On Fri, 2014-08-08 at 17:03 -0300, Bruno Henrique Barbosa wrote:
> Hi everyone,
>
> I know this is such a rich debate, and I mean no offense to you guys,
> but can you focus answering my main question about FreeIPA and why
> can't I install/use it without FQDN and/or even after install it with
>
On 08/08/2014 02:35 PM, Simo Sorce wrote:
On Fri, 2014-08-08 at 10:09 -0600, Rich Megginson wrote:
On 08/08/2014 08:57 AM, brendan kearney wrote:
Kerberos is dependent on A records in dns. The instance (as in
principal/instance@REALM) should match the A record in dns.
There is absolutely no K
On Fri, 2014-08-08 at 10:09 -0600, Rich Megginson wrote:
> On 08/08/2014 08:57 AM, brendan kearney wrote:
> >
> > Kerberos is dependent on A records in dns. The instance (as in
> > principal/instance@REALM) should match the A record in dns.
> >
> > There is absolutely no Kerberos dependency on ho
u and sorry!
- Original message -
From: "Petr Spacek"
To: freeipa-users@redhat.com
Sent: Friday, August 8, 2014 16:46:08
Subject: Re: [Freeipa-users] FreeIPA and FQDN requirements
Hello,
On 8.8.2014 21:16, brendan kearney wrote:
> Maybe I am reading too
> Assume that FQDN is constructed as static hostname.domainname from
> DHCP or via reverse DNS lookup. What happens if the machine (laptop)
> moves from one network to another? What if the machine has multiple
> interfaces?
>
> As a result, any change in FQDN will break your Kerberos setup.
The
Hello,
On 8.8.2014 21:16, brendan kearney wrote:
Maybe I am reading too far into rfc 1178, but I hardly think making
hostnames required to be fqdns is in anybody's interest. It is not a
requirement now in any other technology anywhere, so what is the impetus to
push it? I don't see any value in
On 08/08/2014 01:16 PM, brendan kearney wrote:
Maybe I am reading too far into rfc 1178,
http://tools.ietf.org/html/rfc1178
"This memo provides information for the Internet
community. It does not specify any standard."
I guess the upshot is - if you think that FreeIPA is being too
restr
Maybe I am reading too far into rfc 1178, but I hardly think making
hostnames required to be fqdns is in anybody's interest. It is not a
requirement now in any other technology anywhere, so what is the impetus to
push it? I don't see any value in it
On Aug 8, 2014 2:37 PM, "Rich Megginson" wrote:
On 08/08/2014 12:21 PM, brendan kearney wrote:
Double check your example. -h means the hostname of the ldap server
to connect to and issue your query to. Man page calls it ldaphost.
Yes.
I have not run across a client that does cert validation using ldap.
Is that IPA specific?
I'm
Double check your example. -h means the hostname of the ldap server to
connect to and issue your query to. Man page calls it ldaphost.
I have not run across a client that does cert validation using ldap. Is
that IPA specific?
It seems that a lot of effort is being spent to justify a dependency
On 08/08/2014 11:17 AM, brendan kearney wrote:
The cert should have the fqdn, just like the kerberos instance, but
the hostname is not required to be fq'd. The lookup of a short name,
as well as and more specifically the IP, in dns will result in the
fqdn being returned by dns (the short nam
The cert should have the fqdn, just like the kerberos instance, but the
hostname is not required to be fq'd. The lookup of a short name, as well
as and more specifically the IP, in dns will result in the fqdn being
returned by dns (the short name resolution being affected by domain and
search dire
On 08/08/2014 10:56 AM, brendan kearney wrote:
Aren't all of those lookups done in dns?
Yes.
Wouldn't that mean hostnames being fqdns is irrelevant?
Not sure what you mean.
I guess if you issued your server certs with a subject DN of
"cn=hostname", instead of "cn=hostname.domain.tld", a
Aren't all of those lookups done in dns? Wouldn't that mean hostnames being
fqdns is irrelevant?
On Aug 8, 2014 12:11 PM, "Rich Megginson" wrote:
> On 08/08/2014 08:57 AM, brendan kearney wrote:
>
> Kerberos is dependent on A records in dns. The instance (as in
> principal/instance@REALM) shoul
On 08/08/2014 08:57 AM, brendan kearney wrote:
Kerberos is dependent on A records in dns. The instance (as in
principal/instance@REALM) should match the A record in dns.
There is absolutely no Kerberos dependency on hostnames being fully
qualified. I have all my devices named with short na
Correction, it's primary/instance@REALM
On Aug 8, 2014 10:57 AM, "brendan kearney" wrote:
> Kerberos is dependent on A records in dns. The instance (as in
> principal/instance@REALM) should match the A record in dns.
>
> There is absolutely no Kerberos dependency on hostnames being fully
> qualif
Kerberos is dependent on A records in dns. The instance (as in
principal/instance@REALM) should match the A record in dns.
There is absolutely no Kerberos dependency on hostnames being fully
qualified. I have all my devices named with short names and I have no
issues with Kerberos ticketing.
Th
On Fri, 08 Aug 2014, Bruno Henrique Barbosa wrote:
Hello everyone,
I'm running through an issue where an application needs its server's
hostname to be in short name format, such as "server" and not
"server.example.com". When I started deploying FreeIPA in the very
beginning of this year, I remem