On 7 Jun 2014 18:38, steve <[email protected]> wrote: > Hi > Thanks. > Yes, same here. Even though bind allows the signed updates from sssd, we > don't need them. We can authenticate using sssd no matter what IP is > assigned and no matter what is stored in AD. Maybe the ddns requirement > could be removed from the default ad-backend?
You can hijack a keytab from another machine and use it for sssd, so correct DNS really doesn't matter for pure sssd operation. You'll only cause bother for things using kerberos auth as a service (say samba/http/NFS/SSH), which if you like such things is a big deal. jh _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
