On Mon, 2012-01-16 at 14:00 +0100, Jakub Hrozek wrote: > On Fri, Jan 13, 2012 at 10:03:56AM -0500, Stephen Gallagher wrote: > > On Fri, 2012-01-13 at 09:50 -0500, Stephen Gallagher wrote: > > > Some older platforms (such as RHEL 5) do not support the 'realm' > > > directive in nsupdate messages. As a result, dynamic DNS update support > > > doesn't work properly on those systems. > > > > > > The 'realm' directive was added to remove ambiguity in systems where > > > multiple Kerberos realms were in use. It is there to account for cases > > > where a default realm has not been specified in /etc/krb5.conf. > > > > > > With this patch, we will auto-detect at configure time whether nsupdate > > > has 'realm' support or not. If it does not, we will leave it out of the > > > update message. The user will need to manually set a default realm > > > in /etc/krb5.conf in order to avoid any potential issues with GSSAPI. > > > > > > It was originally suggested on IRC that we should make this an option we > > > pass to configure, but I don't really see any value in that. I think the > > > auto-detection is more reliable in this case. > > > > Sorry, I forgot to note in my original email that this addresses > > https://fedorahosted.org/sssd/ticket/1138 and I attached patches for > > both master and sssd-1-5 (they differ only by the debug level > > specifications) > > > > I have not directly tested these patches, but I have asked the original > > reporter of the bug to do so and provided him with a scratch build. I > > will include the results of those tests when they are available. > > I tested basic functionality on RHEL-5 and F-16 (regression testing) > and dynamic DNS update worked fine. > > Ack.
Pushed to master and sssd-1-5.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
