On a master configure sssd to only talk to the local master.

Otherwise sssd can pick a different master to communicate with via
the DNS SRV records, and if that remote master goes down the local
one will have problems as well.

ticket https://fedorahosted.org/freeipa/ticket/1187
Rob Crittenden 2011-06-20 15:39:25 -04:00 committed by Martin Kosek
parent 5f23c29d70
commit d0af8b28d7


@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
domain = sssdconfig.new_domain(cli_domain)
domain.add_provider('ipa', 'id')
domain.set_option('ipa_server', '_srv_, %s' % cli_server)
if not options.on_master:
domain.set_option('ipa_server', '_srv_, %s' % cli_server)
else:
# the master should only use itself for Kerberos
domain.set_option('ipa_server', cli_server)
domain.set_option('ipa_domain', cli_domain)
if options.hostname:
domain.set_option('ipa_hostname', options.hostname)
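Review bot: The comment on the new else branch says the master should only use itself "for Kerberos", but the option being set is `ipa_server`, which is the server list for the whole `ipa` provider added by `domain.add_provider('ipa', 'id')`, so identity lookups are pinned as well. I would reword it to `# on a master, pin sssd to the local server: no _srv_ discovery, no failover` so the loss of failover reads as deliberate. The branch also appears to assume that `cli_server` is the local master's own hostname whenever `options.on_master` is set; nothing visible in the hunk checks this, so it is worth confirming at the caller or noting the assumption in the comment. The body of configure_sssd_conf starts and ends outside the hunk.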