Dne 28.5.2015 v 16:48 Nathaniel McCallum napsal(a):
On Thu, 2015-05-28 at 16:34 +0200, Christian Heimes wrote:
Jan has suggested to ipaConfigString=kdcProxyEnabled in
cn=KDC,cn=$FQDN,cn=masters,cn=ipa,cn=etc instead of
cn=KDCPROXY,cn=$FQDN,cn=masters,cn=ipa,cn=etc. It makes sense to me.
After all MS-KKDCP is just another transport for the KDC. 
There may be a security concern here if we aren't careful. I think I'm
in favor of KDCPROXY since it is a different application.
What concern would that be? It has been already established that KDC
proxy is not a different application, but rather a subcomponent of KDC
in the other thread.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code