On 06.05.2016 15:55, Christian Heimes wrote:
On 2016-05-06 15:50, Martin Babinsky wrote:
On 05/06/2016 03:43 PM, Petr Spacek wrote:

I wonder if we should stop supporting new installations where
Kerberos realm != uppercase(primary DNS domain).

It breaks a lot of stuff, is harder to manager and docs are full of
discouraging it anyway.

Do we really need to support it for new installs?

Since many people using such setup are bound to shoot themselves in the
foot at some point I would argue for dropping support for this.

I even fail to see the use case for having realm different that domain

We could consider a --force option to skip the check and allow people to
shoot themselves in the knee.


And dont forgot about current installation that may have different domain and realm, otherwise sounds good
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to