From 99181f694d2d78aa01e402a95a9423741456d2af Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Jun 21 2011 14:07:14 +0000
Subject: On a master configure sssd to only talk to the local master. Otherwise it is possible for sssd to pick a different master to communicate with via the DNS SRV records and if the remote master goes down the local one will have problems as well. ticket https://fedorahosted.org/freeipa/ticket/1187
---
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3b6385e..db0970a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
 domain = sssdconfig.new_domain(cli_domain)
 domain.add_provider('ipa', 'id')
- domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+ if not options.on_master:
+ domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+ else:
+ # the master should only use itself for Kerberos
+ domain.set_option('ipa_server', cli_server)
 domain.set_option('ipa_domain', cli_domain)
 if options.hostname:
 domain.set_option('ipa_hostname', options.hostname)
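Review bot: The comment on the new `else` branch says the master should only use itself "for Kerberos", but `ipa_server` is set on the domain that was just given the `ipa` id provider, so the pin covers identity lookups as well, and the comment omits the reason given in the commit message. I would replace it with `# On a master, pin sssd to this server only: SRV discovery could select a remote master and tie local lookups and authentication to that host's availability.` The branch also relies on `cli_server` naming the local master when `options.on_master` is set. Where that value comes from is outside the hunk, so it is worth confirming it cannot come from DNS discovery on this path, or the pin would point at whatever was discovered. As a smaller style point, testing `if options.on_master:` first would avoid the negated condition with an `else`. The body of `configure_sssd_conf` starts and ends outside the hunk.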