author | Sumit Bose <sbose@redhat.com> | 2020-12-02 10:10:37 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2020-12-03 12:39:05 +0100 |
commit | 3e4c42094c9660c710f544e31c49ff38180c7675 (patch) | |
tree | 73dad7a36a1caa64419dd90e5abcc1d7fade2d47 /doc | |
parent | d7089129b966df83f083cb56ee90f6b906971cb6 (diff) |
service: make TLS check more relaxed
Since realmd is most often the first application called to discover a
domain we do not require a strict certificate check when using the ldaps
port to connect to a domain controller.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1826964
Diffstat (limited to 'doc')
-rw-r--r-- | doc/manual/realm.xml | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml index 01af62e..d7d8e5e 100644 --- a/doc/manual/realm.xml +++ b/doc/manual/realm.xml @@ -293,7 +293,13 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com which offers a comparable level of security than ldaps. This option is only needed if the standard LDAP port (389/tcp) is blocked by a firewall and only the LDAPS - port (636/tcp) is available.</para> + port (636/tcp) is available. Given that and to lower + the initial effort to discover a remote domain + <command>realmd</command> does not require a strict + certificate check. If the validation of the LDAP server + certificate fails <command>realmd</command> will + continue to setup the encrypted connection to the LDAP + server.</para> <para>If this option is set to <parameter>yes</parameter> <command>realmd</command> |
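Review bot: The sentences added to the LDAPS paragraph in doc/manual/realm.xml say that realmd continues when validation of the LDAP server certificate fails, but they do not state what that means for the reader. A connection set up this way is encrypted but the server is not authenticated, so it does not protect against an active man-in-the-middle. Since the unchanged context just above still describes the alternative as offering "a comparable level of security than ldaps", that consequence should be spelled out here. The text should also say whether the relaxed check applies only to discovery or to the join as well: the commit message and "to lower the initial effort to discover a remote domain" point to discovery, while the hunk header places this paragraph in the `realm join` section. Two wording points: "Given that" has no clear antecedent after the firewall sentence, and "continue to setup" should read "continue to set up".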