On Tue, 2011-06-21 at 14:41 -0400, Dan Scott wrote: > > Excellent! Thanks - that makes much more sense. I've been using > authconfig-tui all this time and had no idea that it was doing things > incorrectly. > > One small issue that I found, if I switch on the "Use DNS to resolve > hosts to realms" option, then the krb5_realm (in sssd.conf) and > default_realm (in krb5.conf) are removed and my authentication fails. > I'm pretty sure that I have DNS correctly configured (_kerberos > IN TXT EXAMPLE.COM). Does the sssd client look for different > DNS records for realm discovery? Actually, we don't currently support *realm* discovery. We only support KDC discovery (using ._kerberos._tcp IN SRV EXAMPLE.COM) Feel free to open an RFE at https://fedorahosted.org/sssd (Fedora Account required to open tickets) for support of detecting the realm by TXT record.
Description: This is a digitally signed message part