Bug 1639895

Summary: [RFE] krb5: update locator plugin interface
Product: [Fedora] Fedora Reporter: Robbie Harwood <rharwood>
Component: krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED DEFERRED QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: abokovoy, j, nalin, npmccallum, rharwood, sbose, ssorce
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-10 17:36:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robbie Harwood 2018-10-16 20:23:17 UTC 
The current interface for server location plugins is old and hasn't kept up with changes.  In particular, there is no support for HTTPS endpoints, plugins must perform their own DNS, and the number of servers that can be returned is opaque.

Among other things, this would enable sssd to use URI records from DNS for Kerberos/IPA discovery (https://pagure.io/SSSD/sssd/issue/3533), which would in turn allow sssd/freeIPA to not require ports 88 and 464 to be open.
Comment 1 Robbie Harwood 2020-09-10 17:36:08 UTC 
Clearing out tracker of things that aren't likely to happen soon, but this remains on my todo list tracked elsewhere.