Issue #931: fine tuning krb5.conf DNS options - freeipa

freeipa

#931 fine tuning krb5.conf DNS options

Closed: Fixed None Opened 13 years ago by simo.

There a re a few DNS options in krb5.conf that I think we should tune.

On freeipa servers we should NOT set the dns discovery knobs to true, because it might cause chicken/egg issues when we try to init the DNS server keytab within the DNS server when it starts.

We must make sure that the server hostname is resolved by /etc/hosts

On all servers and clients we should set rdns = false by default so that kerberos libraries do not insist in doing reverse IP resolution. This helps in environments where reverse entries can't be managed and reverse/forward do not match.

So on servers set:

 dns_lookup_realm = false
 dns_lookup_kdc = false
 rdns = false

On clients set:

 dns_lookup_realm = true
 dns_lookup_kdc = true
 rdns = false

jhrozek commented 13 years ago

master: 22c3a68

Metadata Update from @simo:
- Issue assigned to jhrozek
- Issue set to the milestone: FreeIPA 2.0.1 RC (bug fixing)

7 years ago

Metadata

Assignee

jhrozek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 2.0.1 RC (bug fixing)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#931 fine tuning krb5.conf DNS options Closed: Fixed None Opened 13 years ago by simo.

Metadata

#931 fine tuning krb5.conf DNS options

Closed: Fixed None Opened 13 years ago by simo.