Author: abartlet Date: 2007-09-02 23:42:40 +0000 (Sun, 02 Sep 2007) New Revision: 24911
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24911 Log: Make better use of substituted variables in example named.conf Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/named.conf Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js =================================================================== --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-09-02 23:29:48 UTC (rev 24910) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-09-02 23:42:40 UTC (rev 24911) @@ -380,6 +380,7 @@ paths.secrets = lp.get("secrets database"); paths.keytab = "secrets.keytab"; paths.dns_keytab = "dns.keytab"; + paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab; paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; paths.named_conf = lp.get("private dir") + "/named.conf"; paths.winsdb = "wins.ldb"; @@ -478,6 +479,7 @@ subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SECRETS_KEYTAB = paths.keytab; subobj.DNS_KEYTAB = paths.dns_keytab; + subobj.DNS_KEYTAB_ABS = paths.dns_keytab_abs; subobj.LDAPDIR = paths.ldapdir; var ldap_path_list = split("/", paths.ldapdir); Modified: branches/SAMBA_4_0/source/setup/named.conf =================================================================== --- branches/SAMBA_4_0/source/setup/named.conf 2007-09-02 23:29:48 UTC (rev 24910) +++ branches/SAMBA_4_0/source/setup/named.conf 2007-09-02 23:42:40 UTC (rev 24911) @@ -22,15 +22,15 @@ # for named: KRB5_KTNAME so that it points to the keytab generated. # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following # line to the /etc/sysconfig/named file: -# export KRB5_KTNAME=${DNS_KEYTAB} +# export KRB5_KTNAME=${DNS_KEYTAB_ABS} # # Please note that most distributions have BIND configured to run under # a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as # the user "named" once the daemon relinquishes its rights. Therefore, -# the file "dns.keytab" must be readable by the user that BIND run as. -# If BIND is running as a non-root user, the "dns.keytab" file must have its +# the file "${DNS_KEYTAB}" must be readable by the user that BIND run as. +# If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its # permissions altered to allow thge daemon to read it. In the FC6 # example, execute the commands: # -# chgrp named /usr/local/samba/private/dns.keytab -# chmod g+r /usr/local/samba/private/dns.keytab +# chgrp named ${DNS_KEYTAB_ABS} +# chmod g+r ${DNS_KEYTAB_ABS}