mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
e7827a6f0c
Previously, dns_lookup_kdc was only set to True if DNS discovery worked or if the KDC was not specified on the command-line. Setting dns_lookup_kdc to False would result in a hardcoded configuration which is less reliable in the long run. For instance, adding a trust to an Active Directory forest after clients are enrolled would result in clients not being able to authenticate AD users. Recycling FreeIPA servers could prove problematic if the original hostnames are not reused too. Change summary: Always set dns_lookup_kdc to True on client enrollment. With this change, DNS SRV search will always be performed before looking into /etc/krb5.conf realm entries. Fixes: https://pagure.io/freeipa/issue/6523 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> |
||
|---|---|---|
| .. | ||
| csrgen | ||
| install | ||
| plugins | ||
| remote_plugins | ||
| __init__.py | ||
| __main__.py | ||
| csrgen_ffi.py | ||
| csrgen.py | ||
| discovery.py | ||
| frontend.py | ||
| Makefile.am | ||
| setup.cfg | ||
| setup.py | ||