Learn more about these different git repos.
Other Git URLs
This RFE came up today during a discussion with Petr Spacek.
If the -v flag is used when nsupdate is called to update records on the IPA server, then TCP connection is forced. If TCP is used, then the Bind plugin can verify the connection and disallow updates that would potentially overwrite other records.
One important note -- apparently Bind's authorization mechanism stops on first match so it's not possible to use TCP verification with GSS-TSIG.
Related to dynamic DNS updates against AD.
milestone: NEEDS_TRIAGE => SSSD 1.10 beta rhbz: => 0 type: defect => task
Proposal for enhancement described in https://www.redhat.com/archives/freeipa-devel/2013-March/msg00006.html was sent to ISC (via e-mail bind-suggest@isc.org).
IMHO 'do update over TCP' should be configurable option. User may want to use plain UDP updates with other servers than BIND or AD.
Also, we could think about fallback to UDP. Fallback could be handy if user have improperly configured firewall etc.
Fields changed
owner: somebody => jhrozek patch: 0 => 1 review: => 0 status: new => assigned
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.10 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2873
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.