[Freeipa-devel] [PATCH] 858 set SASL_NOCANON in client installer
Rob Crittenden
rcritten at redhat.com
Fri Aug 26 17:54:03 UTC 2011
Simo Sorce wrote:
> On Fri, 2011-08-26 at 11:06 -0400, Rob Crittenden wrote:
>> If the IPA server's reverse DNS is broken, such as the PTR entry
>> pointing to a different name then enrollment will fail and
>> ipa-getkeytab
>> won't work.
>>
>> I tested with:
>>
>> [rcrit at dane freeipa]$ getent hosts slinky
>> 192.168.166.39 slinky.example.com
>> [rcrit at dane freeipa]$ getent hosts 192.168.166.39
>> 192.168.166.39 lego.example.com
>>
>> This relies on fixes in openldap and krb5 in Fedora-15. It is
>> testable
>> in RHEL 6.2 though.
>>
>> sssd has similar problems and they are making a change as well.
>> Without
>> the sssd fix enrollment will succeed but nss won't work.
>>
>
> ACK!
>
> Simo.
>>
pushed to master and ipa-2-1
More information about the Freeipa-devel
mailing list