[Freeipa-devel] [PATCH] 376-377 Use tkey-gssapi-keytab in named.conf
Rob Crittenden
rcritten at redhat.com
Thu Mar 7 23:14:50 UTC 2013
Martin Kosek wrote:
> Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential
> and tkey-domain and replace them with tkey-gssapi-keytab which avoids
> unnecessary Kerberos checks on BIND startup and can cause issues when
> KDC is not available.
>
> Both new and current IPA installations are updated.
>
> https://fedorahosted.org/freeipa/ticket/3429
>
Still reviewing this but I noticed that after upgrading my 3.1.99 server
pre-patch to with with-patch version the connections argument in
named.conf got set to 4 (courtesy of ipa-upgradeconfig). Should we be
setting that to 4 during the initial install too?
rob
More information about the Freeipa-devel
mailing list