Only a problem if you want to use SSHFP records to verify the host keys 
presented by the SSH server running on the client.

When SSHing to the client from another machine that has been enrolled, the host 
key will usually be verified by sss_ssh_knownhostsproxy which does not use 
SSHFP records.

You might use these records in conjunction with DNSSEC to allow non-enrolled 
clients to have a secure way to fetch a host's public keys for verification, 
but that setup is not the default & requires extra work.

More generally, it sounds like sssd is not going to be able to update the A 
records for your clients either.

-- 
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9
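
The check a non-enrolled client would make against an SSHFP record, as an added example that is not part of the original message: it derives the SSHFP algorithm number, fingerprint type and digest from an OpenSSH public key line and compares them with the record's RDATA. The function names and the sample key are constructed for illustration, and the comparison is only meaningful when the DNS answer was DNSSEC-validated.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def key_algorithm(key_type):
    """Map an OpenSSH key type name to its SSHFP algorithm number."""
    if key_type.startswith("ecdsa-sha2-"):
        return 3
    return KEY_ALGS[key_type]  # KeyError for key types without an SSHFP number


def sshfp_records(pubkey_line):
    """Return {(algorithm, fp_type): hex digest} for a public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    alg = key_algorithm(key_type)
    # The fingerprint is the digest of the whole key blob.
    return {(alg, t): h(blob).hexdigest() for t, h in FP_TYPES.items()}


def matches(pubkey_line, rdata):
    """True if SSHFP RDATA text ('4 2 <hex>') matches the presented key."""
    alg, fp_type, *hex_parts = rdata.split()
    expected = sshfp_records(pubkey_line).get((int(alg), int(fp_type)))
    published = "".join(hex_parts).lower()
    return expected is not None and hmac.compare_digest(expected, published)


def constructed_key():
    """Build a sample Ed25519 key line from constructed bytes (not a real host)."""
    name = b"ssh-ed25519"
    raw = bytes(range(32))  # constructed 32-byte public key
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " host.example.test"


SAMPLE_KEY = constructed_key()
```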