Note (to be absolutely exact) that _both_ '_kpasswd' and '_kerberos' SRV records are usually missing in the _sites DNS zone (at least were missing in my AD).
Whereas the bug fix mentioned below would eliminate the need for _kpasswd, I believe _kerberos would still be needed.

Ondrej


On 09/19/2012 04:04 PM, Jakub Hrozek wrote:
For the record, the fact that the back end went offline if the kpasswd
server could not be resolved is a bug we fixed during the 1.9 development:
https://fedorahosted.org/sssd/ticket/1452
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users