Learn more about these different git repos.
Other Git URLs
This RFE came up today during a discussion with Petr Spacek.
If the -v flag is used when nsupdate is called to update records on the IPA server, then TCP connection is forced. If TCP is used, then the Bind plugin can verify the connection and disallow updates that would potentially overwrite other records.
One important note -- apparently Bind's authorization mechanism stops on first match so it's not possible to use TCP verification with GSS-TSIG.
Related to dynamic DNS updates against AD.
milestone: NEEDS_TRIAGE => SSSD 1.10 beta
rhbz: => 0
type: defect => task
Proposal for enhancement described in https://www.redhat.com/archives/freeipa-devel/2013-March/msg00006.html was sent to ISC (via e-mail firstname.lastname@example.org).
IMHO 'do update over TCP' should be configurable option. User may want to use plain UDP updates with other servers than BIND or AD.
Also, we could think about fallback to UDP. Fallback could be handy if user have improperly configured firewall etc.
owner: somebody => jhrozek
patch: 0 => 1
review: => 0
status: new => assigned
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.