On 8.12.2016 10:12, Pieter Nagel wrote:
> On Thu, Dec 8, 2016 at 10:59 AM, Alexander Bokovoy <aboko...@redhat.com>
> wrote:
> 
>> It is really simply: your DNS domain named as your Kerberos realm must
>> be under your control, one way or another, to allow automatic discovery
>> of resources to work.
>>
> 
> Thanks, this explanation makes it crystal clear. This exact phrasing would
> have made the docs much clearer too, IMO.
> 
> Setting the realm to the DNS domain that the FreeIPA internal DNS server
> serves is just one simple out-of-the box way to get DNS domain named as
> your Kerberos realm that is under your control, in other words.

I've tried to clarify things in man pages and on web as well. Please have a
look to changes and let us know if it is better or not, and preferably what
can be improved and in which way

The modified deployment page is here:
http://www.freeipa.org/page/Deployment_Recommendations

Man page changes and changes in description of installer options are here:
https://github.com/freeipa/freeipa/pull/352

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
  • ... List dedicated to discussions about use, configuration and deployment of the IPA server.
    • ... freeIPA users list
      • ... Pieter Nagel
        • ... Jacob Evans
      • ... Brian Candler
        • ... Petr Spacek
        • ... Pieter Nagel
          • ... Alexander Bokovoy
            • ... Pieter Nagel
              • ... Petr Spacek
                • ... Brian Candler
                • ... Martin Basti
                • ... Brian Candler
                • ... Brian Candler
                • ... Alexander Bokovoy
                • ... Brian Candler
          • ... Brian Candler
            • ... Alexander Bokovoy

Reply via email to