8 Jun
2014
8 Jun
'14
12:15 p.m.
On Sat, 2014-06-07 at 18:49 +0100, John Hodrien wrote:
On 7 Jun 2014 18:38, steve steve@steve-ss.com wrote:
Hi Thanks. Yes, same here. Even though bind allows the signed updates from sssd, we don't need them. We can authenticate using sssd no matter what IP is assigned and no matter what is stored in AD. Maybe the ddns requirement could be removed from the default ad-backend?
You can hijack a keytab from another machine and use it for sssd, so correct DNS really doesn't matter for pure sssd operation. You'll only cause bother for things using kerberos auth as a service (say samba/http/NFS/SSH), which if you like such things is a big deal.
It doesn't seem to matter either. sssd autofs cifs works fine irrespective of dns.