[Freeipa-devel] [PATCH] 858 set SASL_NOCANON in client installer
Simo Sorce
simo at redhat.com
Fri Aug 26 15:29:37 UTC 2011
On Fri, 2011-08-26 at 11:06 -0400, Rob Crittenden wrote:
> If the IPA server's reverse DNS is broken, such as the PTR entry
> pointing to a different name then enrollment will fail and
> ipa-getkeytab
> won't work.
>
> I tested with:
>
> [rcrit at dane freeipa]$ getent hosts slinky
> 192.168.166.39 slinky.example.com
> [rcrit at dane freeipa]$ getent hosts 192.168.166.39
> 192.168.166.39 lego.example.com
>
> This relies on fixes in openldap and krb5 in Fedora-15. It is
> testable
> in RHEL 6.2 though.
>
> sssd has similar problems and they are making a change as well.
> Without
> the sssd fix enrollment will succeed but nss won't work.
>
ACK!
Simo.
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list