From 7a2d3804af8e477cf8bfcc36eed78b72c8d8c980 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 14 Mar 2013 10:30:32 +0100 Subject: Use tkey-gssapi-keytab in named.conf Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential and tkey-domain and replace them with tkey-gssapi-keytab which avoids unnecessary Kerberos checks on BIND startup and can cause issues when KDC is not available. Both new and current IPA installations are updated. https://fedorahosted.org/freeipa/ticket/3429 --- install/share/bind.named.conf.template | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'install/share') diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template index 9fdd91319..b12df593a 100644 --- a/install/share/bind.named.conf.template +++ b/install/share/bind.named.conf.template @@ -14,8 +14,7 @@ options { // Any host is permitted to issue recursive queries allow-recursion { any; }; - tkey-gssapi-credential "DNS/$FQDN"; - tkey-domain "$REALM"; + tkey-gssapi-keytab "/etc/named.keytab"; }; /* If you want to enable debugging, eg. using the 'rndc trace' command, -- cgit