On Mon, May 19, 2014 at 10:59:13PM -0700, Daniel Jung wrote:
Thanks for the info guys. With PCI compliance issue, I would try to stick with what's avail from offiicial RHEL first. Can someone from the list share their experience with SSSD with SRV records? timeout issue/failover/offline auth are things I am interested in hearing. Any caveats or issues they had experienced in the past? I did notice there are few bugs that were fixed in the latter version of SSSD related to SRV implementation which is the reason, I was somewhat hesitant to use old package.
Thanks again guys.
The bugs we fixed in 1.9 were mostly related to recovery after the SRV record could not be resolved. IIRC also a better way to handle per-request timeouts was added after the RHEL5 version was released. In the general case (not taking features like AD sites into account), the failover code has been fairly stable.