Re: Freeze exception for sssd?
Petter Reinholdtsen <pere@hungry.com> writes:
> [Russ Allbery]
>> It's not uncommon for specific hostnames to be grabbed by some other
>> department or project for legacy reasons, and one of the primary
>> purposes of SRV records is to be the canonical source of data so that
>> people don't do the wrong thing with hostname guessing.
> Did you test it at your site? Did it work or fail for you?
Stanford doesn't publish SRV records at the moment, so we're not horribly
relevant to this particular discussion. I've discussed and followed
discussions of SRV records and their uses in various IETF, Kerberos, and
LDAP lists since nearly the start of their introduction and am commenting
from that basis. You're using them contrary to their intended use by
doing hostname guessing first, and you will run into problems in practice.
For example, kerberos.stanford.edu was owned by a specific research group
at Stanford for many years.
You are, of course, encouraged to weigh that advice against the
experiences of your users and arrive at your own conclusions. I don't
personally use the package, so I won't file a bug against it.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: