
List:       fedora-directory-devel
Subject:    Re: [389-devel] Please review: [389 Project] #48328: RFE: Allow RHDS to be setup using a DNS CNAME a
From:       Alexander Bokovoy <abokovoy () redhat ! com>
Date:       2015-11-01 9:20:21
Message-ID: 5635D955.607 () redhat ! com



On 31.10.2015 00:38, Noriko Hosoi wrote:
> https://fedorahosted.org/389/ticket/48328
> 
> https://fedorahosted.org/389/attachment/ticket/48328/0001-Ticket-48328-RFE-Allow-RHDS-to-be-setup-using-a-DNS-.patch
> 
This will break later with GSSAPI setup: Kerberos needs A name and if A 
name is different from the hostname, 389-ds may be confused as a server 
for GSSAPI-based LDAP binds. There might also be issues with 
GSSAPI-based replication agreements.

At the same time, GSSAPI use will break anyway with load balancing 
unless proper S4U2Proxy is set up for those cases (rarely so), so I 
would rather make it obviously documented than deny support for 
CNAME-based configurations.

-- 
/ Alexander Bokovoy



--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

