On Thu, 2014-08-28 at 22:28 +0200, Lukas Slebodnik wrote:
>So far this is working fine, with a minor issue around password
>expiration (a known issue).
>NOTE: The IPA server does not keep a list of hosts since we are not
>using the ipa-client / kerberos setup.
1. you needn't register machine with ipa-client install (obtain
keytab)
if you want to use auth_provider krb5 and chpass_provider krb5
e.g.
auth_provider = krb5
chpass_provider = krb5
krb5_realm = IPA.EXAMPLE.TEST
krb5_server = ipa-host.ipa.example.test
Without a keytab validation is not possible, that's not ideal.
Simo.
--
Simo Sorce * Red Hat, Inc * New York