On 09/17/2010 09:33 PM, Rob Crittenden wrote:
Better distinguish between when DNS discovery works and search more domains.


Passing domain and server on the command-line used to be considered as DNS autodiscovery worked. This was problematic if there was in fact no SRV records because krb5.conf would be configured without a specific KDC causing all Kerberos ops to fail.

Now if you pass in a domain/server it still tries to see if they are discoverable and if so won't hardcode a server, but will fall back to doing so if necessary.

Also be a lot more aggressive on looking for the SRV records. Use the search and domain values from /etc/resolv.conf on the chance that the SRV records aren't in the domain of the hostname of the machine.

An example of this would be if your laptop is in dhcp.example.com and your company's SRV records are in corp.example.com. Searching dhcp.example.com and example.com won't find the SRV records but the user is likely to have corp.redhat.com in the search list, at least.

rob


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to