[Freeipa-users] Configuring a Fedora 15 client to connect to a FreeIPA 1.2 server
Stephen Gallagher
sgallagh at redhat.com
Tue Jun 21 18:49:27 UTC 2011
On Tue, 2011-06-21 at 14:41 -0400, Dan Scott wrote:
>
> Excellent! Thanks - that makes much more sense. I've been using
> authconfig-tui all this time and had no idea that it was doing things
> incorrectly.
>
> One small issue that I found, if I switch on the "Use DNS to resolve
> hosts to realms" option, then the krb5_realm (in sssd.conf) and
> default_realm (in krb5.conf) are removed and my authentication fails.
> I'm pretty sure that I have DNS correctly configured (_kerberos
> IN TXT EXAMPLE.COM). Does the sssd client look for different
> DNS records for realm discovery?
Actually, we don't currently support *realm* discovery. We only support
KDC discovery (using ._kerberos._tcp IN SRV EXAMPLE.COM)
Feel free to open an RFE at https://fedorahosted.org/sssd (Fedora
Account required to open tickets) for support of detecting the realm by
TXT record.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110621/5689f4e8/attachment.sig>
More information about the Freeipa-users
mailing list