You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On IPA servers we need to turn on by default dns_lookup_kdc to true
The reason is that we need to allow IPA servers to properly resolve trusted domains via DNS.
However we do not want to really do DNS resolution for our own realm.
If the ipa_server option point to a single server we should dump in the locator plugin file the first name as soon as the ipa backend is initialized, even before any lookup is done.
This will allow libkrb5 to never perform DNS lookups by default but refer only to the local server.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1401
On IPA servers we need to turn on by default dns_lookup_kdc to true
The reason is that we need to allow IPA servers to properly resolve trusted domains via DNS.
However we do not want to really do DNS resolution for our own realm.
If the ipa_server option point to a single server we should dump in the locator plugin file the first name as soon as the ipa backend is initialized, even before any lookup is done.
This will allow libkrb5 to never perform DNS lookups by default but refer only to the local server.
Comments
Comment from dpal at 2012-07-05 15:30:33
This is a dup of a part of the #941. We are closing this ticket and pulling in #941.
Comment from dpal at 2012-07-05 15:30:44
Fields changed
resolution: => duplicate
status: new => closed
Comment from simo at 2017-02-24 14:34:06
Metadata Update from @Simo:
The text was updated successfully, but these errors were encountered: