On Tue, 2011-06-21 at 14:41 -0400, Dan Scott wrote:
> Excellent! Thanks - that makes much more sense. I've been using
> authconfig-tui all this time and had no idea that it was doing things
> incorrectly.
> One small issue that I found, if I switch on the "Use DNS to resolve
> hosts to realms" option, then the krb5_realm (in sssd.conf) and
> default_realm (in krb5.conf) are removed and my authentication fails.
> I'm pretty sure that I have DNS correctly configured (_kerberos
>        IN TXT EXAMPLE.COM). Does the sssd client look for different
> DNS records for realm discovery?

Actually, we don't currently support *realm* discovery. We only support
KDC discovery (using ._kerberos._tcp IN SRV EXAMPLE.COM)

Feel free to open an RFE at https://fedorahosted.org/sssd (Fedora
Account required to open tickets) for support of detecting the realm by
TXT record.

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-users mailing list

Reply via email to