On 8.12.2016 10:12, Pieter Nagel wrote: > On Thu, Dec 8, 2016 at 10:59 AM, Alexander Bokovoy <aboko...@redhat.com> > wrote: > >> It is really simply: your DNS domain named as your Kerberos realm must >> be under your control, one way or another, to allow automatic discovery >> of resources to work. >> > > Thanks, this explanation makes it crystal clear. This exact phrasing would > have made the docs much clearer too, IMO. > > Setting the realm to the DNS domain that the FreeIPA internal DNS server > serves is just one simple out-of-the box way to get DNS domain named as > your Kerberos realm that is under your control, in other words.
I've tried to clarify things in man pages and on web as well. Please have a look to changes and let us know if it is better or not, and preferably what can be improved and in which way The modified deployment page is here: http://www.freeipa.org/page/Deployment_Recommendations Man page changes and changes in description of installer options are here: https://github.com/freeipa/freeipa/pull/352 -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project