As an administrator I'd like to run ipa-getkeytab and let it find an IPA server rather than specifying one on the command-line or relying on /etc/ipa/default.conf. If multiple servers are discovered keep trying on connection errors but fail hard on anything else.
This will make automation of ipa-getkeytab much simpler as it can find and potentially try multiple servers until the keytab is obtained.
To make it less invasive, I'd suggest we simply add a special value for the -s <server> option: if the server name specified is _srv_, then we do dynamic discovery instead of using /etc/ipa/default.conf.
This would be in line with the SSSD way of representing dynamic discovery that is already implemented and would be an explicit action by an administrator asking for the specific behavior.
certmonger has srv handling code we could lift for this but I'm not aware of any library that provides this capability. It's a couple hundred LoC in certmonger.
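The behaviour requested in this ticket (treat `-s _srv_` as a request for discovery, walk the discovered servers, continue only on connection errors) can be sketched as follows. This is an added example, not code from FreeIPA, certmonger or the linked pull request; every function name, the result codes and the `example.test` hosts are hypothetical or constructed, and the DNS lookup itself is replaced by an inline answer set.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One DNS SRV answer (RFC 2782 fields). */
struct srv { const char *host; unsigned short prio, weight, port; };
/* Only R_CONN_ERR lets the caller move on to the next server. */
enum result { R_OK, R_CONN_ERR, R_FATAL };
typedef enum result (*attempt_fn)(const struct srv *s);

/* "-s _srv_" requests discovery; any other value is a literal host. */
int wants_discovery(const char *opt) { return opt && strcmp(opt, "_srv_") == 0; }

/* Lower priority first, then higher weight. Simplification: RFC 2782
 * picks by weighted random choice; a fixed order keeps this deterministic. */
static int srv_cmp(const void *a, const void *b)
{
    const struct srv *x = a, *y = b;
    if (x->prio != y->prio) return x->prio < y->prio ? -1 : 1;
    if (x->weight != y->weight) return x->weight > y->weight ? -1 : 1;
    return 0;
}

/* 0 = success (*used set), -1 = every server unreachable, -2 = fatal. */
int try_servers(struct srv *l, size_t n, attempt_fn attempt, const char **used)
{
    qsort(l, n, sizeof *l, srv_cmp);
    for (size_t i = 0; i < n; i++) {
        enum result r = attempt(&l[i]);
        if (r == R_OK) { *used = l[i].host; return 0; }
        if (r != R_CONN_ERR) return -2;  /* fail hard, skip remaining hosts */
    }
    return -1;
}

/* Constructed attempts: ipa1 is down; ipa2 answers, or rejects the request. */
enum result flaky(const struct srv *s)  { return strcmp(s->host, "ipa1.example.test") ? R_OK : R_CONN_ERR; }
enum result denied(const struct srv *s) { return strcmp(s->host, "ipa1.example.test") ? R_FATAL : R_CONN_ERR; }
enum result down(const struct srv *s)   { (void)s; return R_CONN_ERR; }

/* Runs one attempt function over a constructed, unsorted SRV answer set. */
int run_demo(attempt_fn fn, const char **used)
{
    struct srv l[] = { {"ipa3.example.test", 10, 100, 389},
        {"ipa2.example.test", 0, 50, 389}, {"ipa1.example.test", 0, 100, 389} };
    return try_servers(l, 3, fn, used);
}

int main(void)
{
    const char *used = "(none)";
    int ok = run_demo(flaky, &used), bad = run_demo(denied, &used);
    printf("flaky rc=%d via %s, denied rc=%d\n", ok, used, bad);
    return 0;
}
```

Stopping on the first non-connection error keeps a rejected request from being replayed against every discovered server.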
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/5905
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1988383
Issue linked to Bugzilla: Bug 1988383
master:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)