On Fri, Nov 17, 2017 at 07:43:15PM +0000, Mark Ignacio wrote:
> Hey folks,
>
> During an internal reliability test, we recently found out that
> /var/lib/sss/pubconf/kdcinfo.${REALM} stays static even when the IP
> cached there is unreachable or down. During the test, kinit failed
> consistently for those unfortunate to have a bad KDC cached.
>
> I found this draft document which would probably solve this issue for
> us: https://docs.pagure.org/SSSD.sssd/design_pages/kerberos_locator_red
> esign.html
>
> But until said redesign happens, I'm thinking about workarounds. One
> idea is symlinking that file to /dev/null, another would be just
> periodically rm-ing it. I'm trying the first today on my laptop and it
> seems fine, but I haven't really tested it past that.
>
> Any suggestions?
You can also set the krb5_use_kdcinfo file to false to avoid generating
the file in the first place.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
