From 61582b5d8a7d718e201bdeaa1d9d991bd1e4a133 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Fri, 24 Aug 2007 13:21:43 +0000
Subject: r24650: Some more instructions to have make GSS-TSIG work (This used
 to be commit 98350b35ab0b0f06cc9ddf8edaf3dfe705c3e5bf)

---
 source4/setup/named.conf | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/setup/named.conf b/source4/setup/named.conf
index 56bb3e0f35..eb5098ae3c 100644
--- a/source4/setup/named.conf
+++ b/source4/setup/named.conf
@@ -1,10 +1,22 @@
 #
-# Insert this snippit into your named.conf or bind.conf to configure
+# Insert these snippets into your named.conf or bind.conf to configure
 # the BIND nameserver.
 #
 
+#insert this into options {}
+tkey-gssapi-credential "DNS/${DNSDOMAIN}"
+tkey-domain "${REALM}";
+
+#the zone file
 zone "${DNSDOMAIN}." IN {
         type master;
         file "${DNSDOMAIN}.zone";
 };
 
+# Also, you need to change your init scripts to set this environment variable
+# for named: KRB_KTNAME so that it points to the keytab generated.
+# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
+# line to the /etc/sysconfig/named file
+# export KRB_KTNAME=/etc/named.keytab
+
+# *TODO*: generate and install a keytab file in /etc/named.keytab
-- 
cgit