[Freeipa-devel] [PATCH] 224 Add SSHFP update policy for existing zones
Rob Crittenden
rcritten at redhat.com
Mon Feb 27 16:47:45 UTC 2012
Martin Kosek wrote:
> SSH public key support includes a feature to automatically add/update
> client SSH fingerprints in SSHFP records. However, the update won't
> work for zones created before this support was added as they don't
> allow clients to update SSHFP records in their update policies.
>
> This patch lets dns upgrade module extend the original policy
> to allow the SSHFP dynamic updates. It updates only original
> policy, we don't want it to overwrite custom user policies.
>
> https://fedorahosted.org/freeipa/ticket/2394
ACK if you add a block comment to gen_dns_update_policy() describing why
we need this update policy.
rob
More information about the Freeipa-devel
mailing list