summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-06-20 15:39:25 -0400
committerMartin Kosek <mkosek@redhat.com>2011-06-21 16:07:06 +0200
commitd0af8b28d7552b301d5d2c1af93ed1604dc5df8f (patch)
treef75c25dfc33300887d5526399f305fb26b3bbb54
parent5f23c29d7088e1bfdf7c857783b694ecacc1ec90 (diff)
downloadfreeipa-d0af8b28d7552b301d5d2c1af93ed1604dc5df8f.tar.gz
freeipa-d0af8b28d7552b301d5d2c1af93ed1604dc5df8f.tar.xz
freeipa-d0af8b28d7552b301d5d2c1af93ed1604dc5df8f.zip
On a master configure sssd to only talk to the local master.
Otherwise it is possible for sssd to pick a different master to communicate with via the DNS SRV records and if the remote master goes down the local one will have problems as well. ticket https://fedorahosted.org/freeipa/ticket/1187
-rwxr-xr-xipa-client/ipa-install/ipa-client-install6
1 files changed, 5 insertions, 1 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3b6385ef2..db0970a66 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
domain = sssdconfig.new_domain(cli_domain)
domain.add_provider('ipa', 'id')
- domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+ if not options.on_master:
+ domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+ else:
+ # the master should only use itself for Kerberos
+ domain.set_option('ipa_server', cli_server)
domain.set_option('ipa_domain', cli_domain)
if options.hostname:
domain.set_option('ipa_hostname', options.hostname)