[Freeipa-devel] [PATCH] 0017 Integrate realmdomains with IPA DNS

Alexander Bokovoy abokovoy at redhat.com
Thu Apr 11 11:43:04 UTC 2013


On Thu, 11 Apr 2013, Petr Spacek wrote:
>On 11.4.2013 13:24, Alexander Bokovoy wrote:
>>On Thu, 11 Apr 2013, Petr Spacek wrote:
>>>On 11.4.2013 13:09, Ana Krivokapic wrote:
>>>>Integrate realmdomains with IPA DNS
>>>>
>>>>Add an entry to realmdomains when a DNS zone is added to IPA. Delete the
>>>>related entry from realmdomains when the DNS zone is deleted from IPA.
>>>>
>>>>https://fedorahosted.org/freeipa/ticket/3544
>>>
>>>I would add a TXT record as I described in
>>>https://fedorahosted.org/freeipa/ticket/3544#comment:8
>>>
>>>This integration probably should go to both commands, realmdomains-*
>>>and dnszone-*.
>>>
>>>Any objections? AB?
>>Adding a TXT record is probably harmless.
>>
>>I would actually add the TXT record creation only to realmdomains-* and
>>trigger it only in case we manage our DNS and the DNS zone is there.
>>This way a hook from dnszone-add will trigger adding the TXT record back
>>(via a call to realmdomains-mod --add and then TXT record addition from
>>there). Also, the fact that the admin manually added some domain to the
>>realmdomains mapping means that it is implied to be used in obtaining
>>TGTs, so a TXT record is helpful there as well.
>
>Okay, it makes sense. We will see how it will work in reality.

One more thing to check is that we don't do this for our own domain.

-- 
/ Alexander Bokovoy



