thanks for the response guys. just one more question on the topic of SRV records, does sssd implementation folllow srv rfc closely?  would i need to dig into the code to find this?

On May 20, 2014 3:28 AM, "Jakub Hrozek" <> wrote:
On Mon, May 19, 2014 at 10:59:13PM -0700, Daniel Jung wrote:
> Thanks for the info guys. With PCI compliance issue, I would try to
> stick with what's avail from offiicial RHEL first.
> Can someone from the list share their experience with SSSD with SRV
> records? timeout issue/failover/offline auth are things I am
> interested in hearing. Any caveats or issues they had experienced in
> the past? I did notice there are few bugs that were fixed in the
> latter version of SSSD related to SRV implementation which is the
> reason, I was somewhat hesitant to use old package.
> Thanks again guys.

The bugs we fixed in 1.9 were mostly related to recovery after the SRV
record could not be resolved. IIRC also a better way to handle per-request
timeouts was added after the RHEL5 version was released. In the general
case (not taking features like AD sites into account), the failover code has
been fairly stable.
sssd-users mailing list