Replica installers use different methods to set up replication agreements and do initial sync in domain level 0 and domain level 1, respectively:
in DL0 the agreements are created using simple binds/STARTTLS and are converted to use SASL/GSSAPI mech later during KDC install
in DL1 the agreements are configured to use GSSAPI right away
Preliminary prototyping shows that both domain levels may share the mechanism used in DL1 after some adjustments are made regarding service keytab retrieval (see #6405). This helps to keep the amount of DL-specific code to a minimum.
Care must be taken to ensure that the common mechanism works against older masters.
Part of the installer refactoring effort.
master:
Metadata Update from @mbabinsk: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.5