[Freeipa-devel] [freeipa PR#746][edited] KDC proxy URI records

2017-04-28 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
 Title: #746: KDC proxy URI records
Action: edited

 Changed field: body
Original value:
"""
Automatic creation of KDC proxy URI records

Enables creation of the following KDC proxy URL records per each replica:
```
_kerberos.example.com. IN URI "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy;
_kpasswd.example.com. IN URI "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy;
```
Records are created for each replica in the topology, as KDC proxy is enabled
by default. (If KDC proxy is manually disabled, this record will be
created anyway.)

URI records for kadmin discovery are not created because FreeIPA doesn't
support kadmin.

See: https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery

https://pagure.io/freeipa/issue/6337


### TODO
- [x] Add URI records for 88/UDP, 88/TCP with higher priority to keep the client asking the KDC directly first
- [ ] Add URI records for HTTPS only when KDC proxy is enabled on the server (requires updating server roles with role attribute KDC proxy)
- [ ] Update release notes
- `Postponed`: Fix https://pagure.io/freeipa/issue/6906 to allow enrolling FreeIPA clients using HTTPS KDC proxy
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
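
Added example (not part of the PR or of FreeIPA's code): a Python check that parses `krb5srv` URI records of the kind quoted above, orders them the way a client tries them, and reports a proxy record that is not HTTPS or is not ordered after the direct KDC records. The priority and weight values, the http:// target and the names `parse`, `client_order` and `findings` are assumptions made for this illustration.

```python
import re
from typing import NamedTuple
from urllib.parse import urlsplit

# Constructed zone lines: priorities, weights and the http:// target are made up.
SAMPLE = """\
_kerberos.example.com. IN URI 10 100 "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"
_kerberos.example.com. IN URI 0 100 "krb5srv:M:tcp:ipaserver.example.com"
_kerberos.example.com. IN URI 0 100 "krb5srv:M:udp:ipaserver.example.com"
_kpasswd.example.com. IN URI 10 100 "krb5srv:M:kkdcp:http://ipaserver.example.com/KdcProxy"
"""

class Rec(NamedTuple):
    owner: str
    priority: int
    weight: int
    flags: str
    transport: str
    residual: str

LINE = re.compile(r'^(\S+)\s+IN\s+URI\s+(\d+)\s+(\d+)\s+"([^"]*)"$')

def parse(zone_text):
    """Parse 'owner IN URI prio weight "krb5srv:flags:transport:residual"' lines."""
    recs = []
    for line in zone_text.splitlines():
        m = LINE.match(line.strip())
        parts = m.group(4).split(":", 3) if m else []  # residual may contain ':'
        if len(parts) == 4 and parts[0] == "krb5srv":
            recs.append(Rec(m.group(1), int(m.group(2)), int(m.group(3)),
                            parts[1], parts[2].lower(), parts[3]))
    return recs

def client_order(recs, owner):
    """Lowest priority value is tried first (weight selection among ties is ignored here)."""
    return sorted((r for r in recs if r.owner == owner), key=lambda r: r.priority)

def findings(recs):
    out = []
    for r in recs:
        if r.transport == "kkdcp" and urlsplit(r.residual).scheme != "https":
            out.append(f"{r.owner}: kkdcp target is not https: {r.residual}")
    for owner in sorted({r.owner for r in recs}):
        direct = [r.priority for r in recs if r.owner == owner and r.transport != "kkdcp"]
        proxy = [r.priority for r in recs if r.owner == owner and r.transport == "kkdcp"]
        if direct and proxy and min(proxy) <= min(direct):
            out.append(f"{owner}: proxy is not ordered after the direct KDC records")
    return out

if __name__ == "__main__":
    for r in client_order(parse(SAMPLE), "_kerberos.example.com."):
        print(r.priority, r.transport, r.residual)
    print(findings(parse(SAMPLE)))
```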

[Freeipa-devel] [freeipa PR#746][edited] KDC proxy URI records

2017-04-28 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
 Title: #746: KDC proxy URI records
Action: edited

 Changed field: body
Original value:
"""
Automatic creation of KDC proxy URI records

Enables creation of the following KDC proxy URL records per each replica:
```
_kerberos.example.com. IN URI "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy;
_kpasswd.example.com. IN URI "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy;
```
Records are created for each replica in the topology, as KDC proxy is enabled
by default. (If KDC proxy is manually disabled, this record will be
created anyway.)

URI records for kadmin discovery are not created because FreeIPA doesn't
support kadmin.

See: https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery

https://pagure.io/freeipa/issue/6337


### TODO
- [ ] Add URI records for 88/UDP, 88/TCP with higher priority to keep the client asking the KDC directly first
- [ ] Add URI records for HTTPS only when KDC proxy is enabled on the server (requires updating server roles with role attribute KDC proxy)
- [ ] Fix https://pagure.io/freeipa/issue/6906 to allow enrolling FreeIPA clients using HTTPS KDC proxy
"""


[Freeipa-devel] [freeipa PR#746][edited] KDC proxy URI records

2017-04-27 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/746
Author: MartinBasti
 Title: #746: KDC proxy URI records
Action: edited

 Changed field: body
Original value:
"""
Automatic creation of KDC proxy URI records

Enables creation of the following KDC proxy URL records per each replica:

 _kerberos.example.com. IN URI krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy;
 _kpasswd.example.com. IN URI "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy;

Records are created for each replica in the topology, as KDC proxy is enabled
by default. (If KDC proxy is manually disabled, this record will be
created anyway.)

URI records for kadmin discovery are not created because FreeIPA doesn't
support kadmin.

See: https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery

https://pagure.io/freeipa/issue/6337


### TODO
[ ] Add URI records for 88/UDP, 88/TCP with higher priority to keep the client asking the KDC directly first
[ ] Add URI records for HTTPS only when KDC proxy is enabled on the server (requires updating server roles with role attribute KDC proxy)
[ ] Fix https://pagure.io/freeipa/issue/6906 to allow enrolling FreeIPA clients using HTTPS KDC proxy
"""
