Daniel PC via FreeIPA-users wrote:
Unfortunately curl doesn't make SRV calls. the only solution I
see is to set up a round-robin DNS with type A records but after setting it doesn't
balance me between nodes, it always answers the same.
Any help on this?
Even if you got the round-robin to work, as I explained before Kerberos
and TLS are name-sensitive so if you ask for foo and bar answers things
aren't going to work out-of-the-box. There are workarounds but it'd be
manual work you'd have to put in every time an IPA server is created or
removed. And it will still be blocked by the HTTP referer XSS check.