authorAndrew Bartlett <abartlet@samba.org>2007-09-02 23:28:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:03:36 -0500
commitb4aa01dcd192491e2f5f0c9b28d446d7a668ee74 (patch)
tree9b91c0d4b2ac6d8cd2c104428b1b693528c430d4 /source4/setup
parent5de430441f3daaf841965ca76f8c21c926b27d8a (diff)
r24909: Patch from Andrew Kroeger <andrew@sprocks.gotdns.com> on the slow road
to working GSS-TSIG DDNS. Andrew Bartlett (This used to be commit 99f832e7edcf940003fe9a2506622d991bc00f27)
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/named.conf21
1 files changed, 15 insertions, 6 deletions
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
index 2513632a47..6f97adf644 100644
--- a/source4/setup/named.conf
+++ b/source4/setup/named.conf
@@ -4,7 +4,7 @@
#
#insert this into options {}
-tkey-gssapi-credential "DNS/${DNSDOMAIN}"
+tkey-gssapi-credential "DNS/${DNSDOMAIN}";
tkey-domain "${REALM}";
#the zone file
@@ -19,9 +19,18 @@ zone "${DNSDOMAIN}." IN {
};
# Also, you need to change your init scripts to set this environment variable
-# for named: KRB_KTNAME so that it points to the keytab generated.
+# for named: KRB5_KTNAME so that it points to the keytab generated.
# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
-# line to the /etc/sysconfig/named file
-# export KRB_KTNAME=/etc/named.keytab
-
-# *TODO*: generate and install a keytab file in /etc/named.keytab
+# line to the /etc/sysconfig/named file:
+# export KRB5_KTNAME=${DNS_KEYTAB}
+#
+# Please note that most distributions have BIND configured to run under
+# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
+# the user "named" once the daemon relinquishes its rights. Therefore,
+# the file "dns.keytab" must be readable by the user that BIND run as.
+# If BIND is running as a non-root user, the "dns.keytab" file must have its
+# permissions altered to allow thge daemon to read it. In the FC6
+# example, execute the commands:
+#
+# chgrp named /usr/local/samba/private/dns.keytab
+# chmod g+r /usr/local/samba/private/dns.keytab
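Review bot: The example commands at the end of this hunk add group read to the keytab but never remove access for other users, so a file that was created world-readable stays that way. The keytab holds the long-term Kerberos key for the DNS service principal, so the comment should give an explicit mode instead, e.g. `# chmod 640 ${DNS_KEYTAB}`. The two commands also hard-code `/usr/local/samba/private/dns.keytab` while the `export KRB5_KTNAME=${DNS_KEYTAB}` line above uses the substituted path, so they can disagree on a non-default install prefix; using `${DNS_KEYTAB}` in all three places keeps them consistent. If the private directory is itself restricted (not visible here), the text should also say that the BIND user needs search permission on it, granted to the group only rather than by opening the directory to everyone. Minor wording in the added comment: "thge" should be "the" and "BIND run as" should be "BIND runs as".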