> Assume that FQDN is constructed as static hostname.domainname from > DHCP or via reverse DNS lookup. What happens if the machine (laptop) > moves from one network to another? What if the machine have multiple > interfaces? > > As a result, any change in FQDN will break your Kerberos setup.
The machine's host keytab (/etc/krb5.keytab) retains a reference to whatever principal was used when the host was added to ipa. The Kerberos setup shouldn't break unless: A] You can't contact your KDC because a firewall's in the way. B] The KDC moved and DNS has not caught up. This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
