Todd Grayson via FreeIPA-users wrote:
Thanks Rob, Thanks Angus,
I am aware of how to point the client to the specific IPA server, what I'm struggling
more with is freeIPA in an environment where its not using DNS for domain and realm
resolution for kerberos, which does work today.
I should have limited my question to the following:
Is it possible to use ipaClient but manage static mappings in the krb5.conf [realm] and
[domain realm] and run with dns_lookup_kdc=false and dns_lookup_realm=false (including the
krb5.conf on the ipa server itself so its aware of all). The question from Angus makes me
believe that having the dns_lookup* = false is a unsupported context in an IPA
environment.
Yes.
rob