On 06.05.2016 15:55, Christian Heimes wrote:
And dont forgot about current installation that may have different
domain and realm, otherwise sounds good
On 2016-05-06 15:50, Martin Babinsky wrote:
On 05/06/2016 03:43 PM, Petr Spacek wrote:
I wonder if we should stop supporting new installations where
Kerberos realm != uppercase(primary DNS domain).
It breaks a lot of stuff, is harder to manager and docs are full of
discouraging it anyway.
Do we really need to support it for new installs?
Since many people using such setup are bound to shoot themselves in the
foot at some point I would argue for dropping support for this.
I even fail to see the use case for having realm different that domain
We could consider a --force option to skip the check and allow people to
shoot themselves in the knee.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code