Re: [389-devel] Please review: [389 Project] #48328: RFE: Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 31.10.2015 00:38, Noriko Hosoi wrote:

https://fedorahosted.org/389/ticket/48328

https://fedorahosted.org/389/attachment/ticket/48328/0001-Ticket-48328-RFE-Allow-RHDS-to-be-setup-using-a-DNS-.patch
This will break later with GSSAPI setup: Kerberos needs A name and if A name is different from the hostname, 389-ds may be confused as a server for GSSAPI-based LDAP binds. There might also be issues with GSSAPI-based replication agreements.
At the same time, GSSAPI use will break anyway with load balancing unless proper S4U2Proxy is set up for those cases (rarely so), so I would rather make it obviously documented than denying support for CNAME-based configurations. 

--
/ Alexander Bokovoy



--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux