Learn more about these different git repos.
Other Git URLs
This RFE came up today during a discussion with Petr Spacek.
If the -v flag is used when nsupdate is called to update records on the IPA server, then TCP connection is forced. If TCP is used, then the Bind plugin can verify the connection and disallow updates that would potentially overwrite other records.
One important note -- apparently Bind's authorization mechanism stops on first match so it's not possible to use TCP verification with GSS-TSIG.
Related to dynamic DNS updates against AD.
milestone: NEEDS_TRIAGE => SSSD 1.10 beta
rhbz: => 0
type: defect => task
Proposal for enhancement described in https://www.redhat.com/archives/freeipa-devel/2013-March/msg00006.html was sent to ISC (via e-mail email@example.com).
IMHO 'do update over TCP' should be configurable option. User may want to use plain UDP updates with other servers than BIND or AD.
Also, we could think about fallback to UDP. Fallback could be handy if user have improperly configured firewall etc.
owner: somebody => jhrozek
patch: 0 => 1
review: => 0
status: new => assigned
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta
to comment on this ticket.