diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-06-20 15:39:25 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-06-21 16:07:06 +0200 |
| commit | d0af8b28d7552b301d5d2c1af93ed1604dc5df8f (patch) | |
| tree | f75c25dfc33300887d5526399f305fb26b3bbb54 | |
| parent | 5f23c29d7088e1bfdf7c857783b694ecacc1ec90 (diff) | |
| download | freeipa-d0af8b28d7552b301d5d2c1af93ed1604dc5df8f.tar.gz freeipa-d0af8b28d7552b301d5d2c1af93ed1604dc5df8f.tar.xz freeipa-d0af8b28d7552b301d5d2c1af93ed1604dc5df8f.zip | |
On a master configure sssd to only talk to the local master.
Otherwise it is possible for sssd to pick a different master to
communicate with via the DNS SRV records and if the remote master
goes down the local one will have problems as well.
ticket https://fedorahosted.org/freeipa/ticket/1187
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 3b6385ef2..db0970a66 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): domain = sssdconfig.new_domain(cli_domain) domain.add_provider('ipa', 'id') - domain.set_option('ipa_server', '_srv_, %s' % cli_server) + if not options.on_master: + domain.set_option('ipa_server', '_srv_, %s' % cli_server) + else: + # the master should only use itself for Kerberos + domain.set_option('ipa_server', cli_server) domain.set_option('ipa_domain', cli_domain) if options.hostname: domain.set_option('ipa_hostname', options.hostname) |