From d0af8b28d7552b301d5d2c1af93ed1604dc5df8f Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 20 Jun 2011 15:39:25 -0400 Subject: On a master configure sssd to only talk to the local master. Otherwise it is possible for sssd to pick a different master to communicate with via the DNS SRV records and if the remote master goes down the local one will have problems as well. ticket https://fedorahosted.org/freeipa/ticket/1187 --- ipa-client/ipa-install/ipa-client-install | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'ipa-client/ipa-install/ipa-client-install') diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 3b6385ef2..db0970a66 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): domain = sssdconfig.new_domain(cli_domain) domain.add_provider('ipa', 'id') - domain.set_option('ipa_server', '_srv_, %s' % cli_server) + if not options.on_master: + domain.set_option('ipa_server', '_srv_, %s' % cli_server) + else: + # the master should only use itself for Kerberos + domain.set_option('ipa_server', cli_server) domain.set_option('ipa_domain', cli_domain) if options.hostname: domain.set_option('ipa_hostname', options.hostname) -- cgit