SSSD / sssd

Clone

a309525 IPA: Only generate kdcinfo files on clients

Authored and Committed by jhrozek 6 years ago
raw patch tree parent
2 files changed. 18 lines added. 9 lines removed.
src/providers/ipa/ipa_common.c
file modified
+0 -9
src/providers/ipa/ipa_init.c
file modified
+18 -0 
    IPA: Only generate kdcinfo files on clients
    
    In some cases, IPA masters end up having a broken SSSD configuration
    that also includes the SRV records. This can cause the kdcinfo files to
    point to a different master which uses a different PKINIT certificate
    which is only valid for that IPA master. This can result e.g. in webui
    not working.
    
    This patch prevents the kdcinfo files from being generated on the IPA
    masters, but keep generating them on the clients.
    
    Not generating kdcinfo files on masters has no negative performance
    impact, because libkrb5 is configured via krb5.conf to point to self
    anyway.
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
file modified
+0 -9
file modified
+18 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.