On 23.06.25 09:49, Diogène Mutombo via FreeIPA-users wrote:
Dear FreeIPA users,
I’m encountering an issue when cloning a virtual machine that is a FreeIPA
client.
After cloning, I change both the IP address and the system hostname of the new
VM. However, I noticed that the system can still authenticate users using the
original FreeIPA keytab, even though the hostname has changed.
This seems incorrect, as I would expect the hostname in the keytab to match the
system hostname. Yet, the new system continues to authenticate FreeIPA users as
if it still had the old hostname.
My questions:
How can I ensure that a cloned VM with a new hostname and IP cannot continue to
authenticate using the keytab from the original machine?
I would say that a "fresh" ipa-client-install is required. (after a
proper ipa-client-install --uninstall before which might also be
problematic due to the cloning...)
Cheers,
Ronald
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
