[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-devel
Subject: Re: [389-devel] Please review: [389 Project] #48328: RFE: Allow RHDS to be setup using a DNS CNAME a
From: Alexander Bokovoy <abokovoy () redhat ! com>
Date: 2015-11-01 9:20:21
Message-ID: 5635D955.607 () redhat ! com
[Download RAW message or body]
On 31.10.2015 00:38, Noriko Hosoi wrote:
> https://fedorahosted.org/389/ticket/48328
>
> https://fedorahosted.org/389/attachment/ticket/48328/0001-Ticket-48328-RFE-Allow-RHDS-to-be-setup-using-a-DNS-.patch
>
This will break later with GSSAPI setup: Kerberos needs A name and if A
name is different from the hostname, 389-ds may be confused as a server
for GSSAPI-based LDAP binds. There might also be issues with
GSSAPI-based replication agreements.
At the same time, GSSAPI use will break anyway with load balancing
unless proper S4U2Proxy is set up for those cases (rarely so), so I
would rather make it obviously documented than denying support for
CNAME-based configurations.
--
/ Alexander Bokovoy
--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic