Remove requirement that forces ipa-client-install to only support fqdn.
Use case: Infrastructure is configured in such a way that it uses short names, and when setting up ipa-client-install it will change their system to use fqdn, which they in turn will have to change back.
# ipa-client-install --domain=example.com --server=ipa.example.com --realm=EXAMPLE.COM --principal=admin --password=<password> --hostname=testserver --no-ntp
Discussion:
Simo Sorce wrote:
Martin Kosek wrote:
Hello,
We have a request for the FQDN support on the client.
I was wondering what to do with this request, whether it is possible. I found 3 very related Simo's replies in this topic:
https://www.redhat.com/archives/freeipa-users/2014-August/msg00105.html
https://www.redhat.com/archives/freeipa-users/2012-March/msg00012.html
https://www.redhat.com/archives/freeipa-users/2012-March/msg00017.html
So to me, it looks like the RFE may be doable and would transfer into the following actions:
ipa-client-install should allow short names as long as it can get FQDN by any other means (DNS PTR query, hostname -f, --hostname).
If shortname is used, IPA should generate appropriate keytab for both FQDN and the short name, as AD does. So this would be the prerequisite:
https://fedorahosted.org/freeipa/ticket/3961
https://fedorahosted.org/freeipa/ticket/3864
We can't add the shortname, what do you do with the two machines:
1. martin.foo.example.com
2. martin.bar.example.com
They both are named martin, only one can get a short name.
We may restrict shortname creation only to machines in the original IPA DNS domain, but then you get another problem, conflict with usernames. So now we also need to append a $ to the machine name (like Microsoft does, for consistency). But then no "unix" software will know to use this special name, it won't hurt though.
Of course we can also provide host/shortname@REALM keys (or better, just aliases).
If we need to do this we should use aliases, but then we need to fix our aliases support, we have bugs open but nobody to look at them.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1202933 (Red Hat Enterprise Linux 6)
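The collision cases raised in the thread above (two hosts sharing a short name, hosts outside the primary domain, short names equal to usernames) can be checked against a host inventory before any short-name aliases are created. This is an added example, not FreeIPA code or part of the original ticket; the function name, the policy it encodes and the sample hosts and users are assumptions constructed for illustration.

```python
from collections import defaultdict


def plan_short_aliases(host_fqdns, usernames, primary_domain, realm):
    """Decide which hosts can get short-name Kerberos aliases (hypothetical policy).

    Returns (aliases, rejected, user_clashes):
      aliases      fqdn -> [host/<short>@REALM, <short>$@REALM]
      rejected     fqdn -> reason no short name can be assigned
      user_clashes short names equal to a username, i.e. where a bare
                   <short>@REALM would be ambiguous and the '$' suffix matters
    """
    primary = primary_domain.lower().rstrip(".")
    users = {u.lower() for u in usernames}

    # Group hosts by their first DNS label to expose shared short names.
    by_short = defaultdict(list)
    for fqdn in host_fqdns:
        name = fqdn.lower().rstrip(".")
        by_short[name.partition(".")[0]].append(name)

    aliases, rejected, user_clashes = {}, {}, set()
    for short, fqdns in by_short.items():
        for fqdn in fqdns:
            others = [f for f in fqdns if f != fqdn]
            if others:
                rejected[fqdn] = "short name also claimed by " + ", ".join(others)
            elif fqdn.partition(".")[2] != primary:
                rejected[fqdn] = "outside primary domain " + primary
            else:
                aliases[fqdn] = [f"host/{short}@{realm}", f"{short}$@{realm}"]
                if short in users:
                    user_clashes.add(short)
    return aliases, rejected, user_clashes


# Constructed sample inventory (not taken from the ticket, apart from the
# two "martin" hosts used in the discussion).
HOSTS = ["martin.foo.example.com", "martin.bar.example.com",
         "web1.example.com", "admin.example.com", "db1.lab.example.com"]
USERS = ["admin", "martin"]

if __name__ == "__main__":
    ok, bad, clashes = plan_short_aliases(HOSTS, USERS, "example.com", "EXAMPLE.COM")
    for fqdn, names in ok.items():
        print("alias   ", fqdn, names)
    for fqdn, why in bad.items():
        print("rejected", fqdn, "-", why)
    print("user clashes:", sorted(clashes))
```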
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
The linked BZ is closed WONTFIX, closing this as well.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)