KDC proxy is a web server. Kerberos clients need to know where this server is if the client is outside the firewall. Clients know where the normal KDC is using SRV records. A new RFC was created to allow Kerberos clients to also look at URI DNS records to determine where the KDC proxy is.
This ticket requests automatic creation of the URI records in IdM DNS in the same way as we create Kerberos SRV records for each IdM server.
This depends on https://bugzilla.redhat.com/show_bug.cgi?id=1389072.
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5 backlog
Metadata Update from @mbasti: - Issue assigned to mbasti (was: someone)
Metadata Update from @mbasti: - Issue close_status updated to: None - Issue priority set to: blocker (was: major) - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5 backlog)
Postponing to 4.7. Enabling these records breaks client installation and might cause potential other issues we don't know about. @mbasti, please file a bug.
https://www.redhat.com/archives/freeipa-devel/2017-April/msg00641.html
Metadata Update from @pvoborni: - Issue priority set to: critical (was: blocker) - Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)
FreeIPA client HTTPS KDC proxy ticket: https://pagure.io/freeipa/issue/6906
Metadata Update from @mbasti: - Assignee reset
Relevant: https://pagure.io/freeipa/issue/5052 (perform client configuration on the basis of the new URI discovery Internet Draft)
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1485874 (was: todo)
Issue linked to Bugzilla: Bug 1485874
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
Was this superseded by https://pagure.io/freeipa/issue/8968?
It sure looks that way to me.
Metadata Update from @rcritten: - Issue set to the milestone: None (was: FreeIPA 4.7.1)