freeipa

Clone
Source Code
GIT

673d2b8 Generate CNAMEs for TXT+URI location krb records

4 files Authored by jrische 2 years ago, Committed by ftrivino 2 years ago,
raw patch tree parent
4 files changed. 257 lines added. 9 lines removed.
install/updates/90-post_upgrade_plugins.update
file modified
+1 -0
ipaserver/dns_data_management.py
file modified
+27 -9
ipaserver/install/plugins/dns.py
file modified
+108 -0
ipatests/test_integration/test_upgrade.py
file modified
+121 -0 
    Generate CNAMEs for TXT+URI location krb records
    
    The IPA location system relies on DNS record priorities in order to give
    higher precedence to servers from the same location. For Kerberos, this
    is done by redirecting generic SRV records (e.g.
    _kerberos._udp.[domain].) to location-aware records (e.g.
    _kerberos._udp.[location]._locations.[domain].) using CNAMEs.
    
    This commit applies the same logic for URI records. URI location-aware
    record were created, but there were no redirection from generic URI
    records. It was causing them to be ignored in practice.
    
    Kerberos URI and TXT records have the same name: "_kerberos". However,
    CNAME records cannot coexist with any other record type. To avoid this
    conflict, the generic TXT realm record was replaced by location-aware
    records, even if the content of these records is the same for all
    locations.
    
    Fixes: https://pagure.io/freeipa/issue/9257
    Signed-off-by: Julien Rische <jrische@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+1 -0
file modified
+27 -9
file modified
+108 -0
file modified
+121 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.