Learn more about these different git repos.
Other Git URLs
Currently, the only way to turn off reverse DNS resolution in Kerberos is to set "rdns=False" in /etc/krb5.conf. From an IRC discussion with Sumit:
< jhrozek> sbose: do you think it would be useful to set this from SSSD to e.g. set rdns to true in one domain and false in another?
< sbose> jhrozek, is the reverse lookup done for every hostname or only when no fqdn is available ?
< jhrozek> sbose: I /think/ it is for every hostname, I only tested with FQDNs
< sbose> jhrozek, ok, then I think it would make sense to make this configurable, because according to man krb5.conf the default is true and chances are that it will quite often fail with AD. If we add this option we should also recommend to use this with AD if people are not really sure the reverse lookups are configured properly in AD.
Fields changed
component: SSSD => Kerberos Provider milestone: NEEDS_TRIAGE => SSSD 1.9.0 owner: somebody => jhrozek
blockedby: => blocking: => milestone: SSSD 1.9.0 => SSSD Kerberos improvements
rhbz: => 0
feature_milestone: => proposed_priority: => Core summary: Add a Kerberos provider option to set rdns=False => [RFE] Add a Kerberos provider option to set rdns=False type: defect => enhancement
Does it have impact on the AD or IPA provider? I suspect yes. Please fork other tickets if this is the case.
The AD and IPA providers can reuse the Kerberos option just fine.
Moving all the features planned for 1.10 release into 1.10 beta.
milestone: SSSD Kerberos Improvements Feature => SSSD 1.10 beta
priority: major => critical
design: => design_review: => 0 fedora_test_page: => selected: => Want
owner: jhrozek => okos
review: => 1
milestone: SSSD 1.10 beta => SSSD Deferred
Since rdns=false is the default for Kerberos now, I'm closing this ticket as invalid.
changelog: => mark: => 0 resolution: => invalid sensitive: => 0 status: new => closed
Metadata Update from @jhrozek: - Issue assigned to okos - Issue set to the milestone: SSSD Patches welcome
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2054
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.