Bug 591681 – RFE: Gray out KDC and admin fields when kerberos parameters are discovered via DNS

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 591681 - RFE: Gray out KDC and admin fields when kerberos parameters are discovered via DNS

Summary:	RFE: Gray out KDC and admin fields when kerberos parameters are discovered vi...

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	authconfig (Show other bugs)
Sub Component:
Version:	13
Hardware:	All Linux

Priority	low Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:	591716
	Show dependency tree / graph

Reported:	2010-05-12 16:09 EDT by Stjepan Gros
Modified:	2010-08-10 10:18 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	authconfig-6.1.5-1.fc14
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Clones:	591716 (view as bug list)
Environment:
Last Closed:	2010-08-10 10:18:35 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Stjepan Gros 2010-05-12 16:09:40 EDT

Description of problem:

After selecting FreeIPA as authentication server in authconfig and marking checkbox 'Use DNS to locate KDC for realms' it would be good that the fields KDCs and 'Admin servers' are grayed out?

Version-Release number of selected component (if applicable):
authconfig-6.1.4-2.fc13.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Just configure FreeIPA authentication with DNS used to locate KDCs.

Additional info:
In /etc/krb5.conf DNS resolution is selected and in the sam time values of KDC and admin server are filled with exact values. The question is which values have higher priority?

Comment 1 Tomas Mraz 2010-05-12 16:30:39 EDT

According to the krb5.conf manpage the DNS is used only when the realm and KDC is not filled in. I am not sure whether sssd behaves the same.

Comment 2 Stephen Gallagher 2010-05-12 16:52:27 EDT

Jakub, can you clarify? I think our default behavior is the same, but you're the authority.

Comment 3 Jakub Hrozek 2010-05-13 05:52:37 EDT

Yes, even though we don't have any equivalent of dns_lookup_kdc (which is the krb5.conf option set by the 'Use DNS to locate KDC for realms' checkbox), we always use service discovery when no KDCs are set.

We don't have any equivalent of 'dns_lookup_realm' in SSSD at all - which is the second check box "Use DNS to resolve hosts to realms".

Comment 4 Stjepan Gros 2010-05-13 06:05:42 EDT

Kerberos realm is also retrieved from DNS, so it also should be either grayed out or maybe automatically filled in.

Note You need to log in before you can comment on or make changes to this bug.