On 6.3.2015 15:13, Matt . wrote:
> Hi,
>
> But as the user is the same, I could use the same keytab for each ipa server ?
>
> I need to use the API indeed, so need to issue the http service.
>
> Any other options ?

I do not really understand your use case. Could you describe it in detail, please?

Petr^2 Spacek

> 2015-03-06 14:24 GMT+01:00 Petr Spacek <[email protected]>:
>> On 6.3.2015 14:08, Martin Kosek wrote:
>>> I'm figuring out how to regenerate the webserver certificates so I can
>>> use a loadbalancer in front of my ipa servers.
>>
>> Are you talking about FreeIPA web interface? It is technically possible to use
>> load-balancer but it will be really hacky. You would have to solve
>> certificates and also distribute shared keytabs and so on.
>>
>> I would recommend you to use "something" which issues HTTP redirect to ipa
>> server 1/2/3/4/5 according to current state instead of using classical load
>> balancer on the network level. Normal HTTP redirect will not force you to mess
>> with certs and keytabs.
>>
>> --
>> Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
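The redirect approach recommended in the quoted reply, sketched as an added example that is not part of the original thread or of FreeIPA: a small service that sends each client to the first healthy IPA server, so every server keeps its own certificate and keytab. The hostnames, the listening port and the TCP-connect health probe are assumptions chosen for illustration.

```python
"""Health-aware HTTP redirector (added example; hostnames are placeholders)."""
import socket
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumption: fixed allow-list of IPA servers; clients are only ever sent here.
BACKENDS = ["ipa1.example.test", "ipa2.example.test", "ipa3.example.test"]

def tcp_healthy(host, port=443, timeout=1.0):
    """Cheap liveness probe: can a TCP connection to the HTTPS port be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def pick_backend(backends, is_healthy=tcp_healthy):
    """Return the first healthy backend, or None if all are down."""
    for host in backends:
        if is_healthy(host):
            return host
    return None

def redirect_target(host, raw_path):
    """Build https://<host><path>, keeping only path and query from the request.

    The host always comes from the allow-list, never from the request, so a
    crafted request target or Host header cannot make this an open redirect.
    """
    parts = urlsplit(raw_path)
    path = "/" + parts.path.lstrip("/")   # any scheme/netloc in the target is dropped
    return f"https://{host}{path}" + (f"?{parts.query}" if parts.query else "")

class Redirector(BaseHTTPRequestHandler):
    def _redirect(self):
        host = pick_backend(BACKENDS)
        if host is None:
            self.send_error(503, "no IPA server available")
            return
        self.send_response(307)           # 307 keeps method and body (API POSTs)
        self.send_header("Location", redirect_target(host, self.path))
        self.end_headers()
    do_GET = do_POST = do_HEAD = _redirect

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Redirector).serve_forever()
```

Because the client reconnects to the server's real hostname, TLS validation and the Kerberos HTTP service ticket are both bound to that individual server rather than to a shared name.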
