bff0994 ipa-client-install: unilaterally set dns_lookup_kdc to True

1 file Authored by François Cami 3 years ago, Committed by abbra 3 years ago,
    ipa-client-install: unilaterally set dns_lookup_kdc to True
    
    Previously, dns_lookup_kdc was only set to True if DNS
    discovery worked or if the KDC was not specified on the
    command-line.
    
    Setting dns_lookup_kdc to False would result in a hardcoded
    configuration which is less reliable in the long run.
    For instance, adding a trust to an Active Directory forest
    after clients are enrolled would result in clients not being
    able to authenticate AD users. Recycling FreeIPA servers
    could prove problematic if the original hostnames are not
    reused too.
    
    Change summary:
    Always set dns_lookup_kdc to True on client enrollment.
    With this change, DNS SRV search will always be performed
    before looking into /etc/krb5.conf realm entries.
    
    Fixes: https://pagure.io/freeipa/issue/6523
    Signed-off-by: François Cami <fcami@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    
        
file modified
+1 -2
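
An added check, not part of this commit or of FreeIPA, for the setting the commit message discusses: it reads a krb5.conf and reports the [libdefaults] dns_lookup_kdc value together with any kdc entries hardcoded under [realms]. The sample file, realm and hostnames are constructed, the function name is hypothetical, and include/includedir directives are assumed absent.

```python
import re

# Constructed sample: a client whose KDC was pinned at enrollment time.
SAMPLE_KRB5_CONF = """\
[libdefaults]
  default_realm = IPA.EXAMPLE
  dns_lookup_kdc = false

[realms]
  IPA.EXAMPLE = {
    kdc = ipa1.ipa.example:88
    admin_server = ipa1.ipa.example:749
  }
"""

# Boolean spellings accepted by the MIT krb5 profile library.
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}
FALSE_WORDS = {"n", "no", "false", "nil", "0", "off"}


def audit_krb5_conf(text):
    """Return the [libdefaults] dns_lookup_kdc value (True/False, or None when
    unset or unparsable) and the kdc entries hardcoded per realm."""
    section, realm = None, None
    result = {"dns_lookup_kdc": None, "pinned_kdcs": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                           # new top-level section
            section, realm = header.group(1), None
        elif line == "}":                    # end of a realm sub-block
            realm = None
        elif "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if section == "libdefaults" and key == "dns_lookup_kdc":
                word = value.lower()
                if word in TRUE_WORDS | FALSE_WORDS:
                    result["dns_lookup_kdc"] = word in TRUE_WORDS
            elif section == "realms" and value == "{":
                realm = key                  # start of a realm sub-block
            elif section == "realms" and realm and key == "kdc":
                result["pinned_kdcs"].setdefault(realm, []).append(value)
    return result


if __name__ == "__main__":
    print(audit_krb5_conf(SAMPLE_KRB5_CONF))
```

A result of None for dns_lookup_kdc means the file does not set it, so the library's compiled-in default applies.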