[Freeipa-devel] [PATCH] 858 set SASL_NOCANON in client installer
Rob Crittenden
rcritten at redhat.com
Fri Aug 26 15:06:48 UTC 2011
If the IPA server's reverse DNS is broken, such as the PTR entry
pointing to a different name then enrollment will fail and ipa-getkeytab
won't work.
I tested with:
[rcrit at dane freeipa]$ getent hosts slinky
192.168.166.39 slinky.example.com
[rcrit at dane freeipa]$ getent hosts 192.168.166.39
192.168.166.39 lego.example.com
This relies on fixes in openldap and krb5 in Fedora-15. It is testable
in RHEL 6.2 though.
sssd has similar problems and they are making a change as well. Without
the sssd fix enrollment will succeed but nss won't work.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-858-rdns.patch
Type: text/x-patch
Size: 1784 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110826/96c305b4/attachment.bin>
More information about the Freeipa-devel
mailing list