[Freeipa-devel] [PATCH] 0017 Integrate realmdomains with IPA DNS

Petr Spacek pspacek at redhat.com
Thu Apr 11 12:18:31 UTC 2013


On 11.4.2013 13:43, Alexander Bokovoy wrote:
> On Thu, 11 Apr 2013, Petr Spacek wrote:
>> On 11.4.2013 13:24, Alexander Bokovoy wrote:
>>> On Thu, 11 Apr 2013, Petr Spacek wrote:
>>>> On 11.4.2013 13:09, Ana Krivokapic wrote:
>>>>> Integrate realmdomains with IPA DNS
>>>>>
>>>>> Add an entry to realmdomains when a DNS zone is added to IPA. Delete the
>>>>> related entry from realmdomains when the DNS zone is deleted from IPA.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/3544
>>>>
>>>> I would add a TXT record as I described in
>>>> https://fedorahosted.org/freeipa/ticket/3544#comment:8
>>>>
>>>> This integration probably should go to both commands, realmdomains-*
>>>> and dnszone-*.
>>>>
>>>> Any objections? AB?
>>> Adding TXT record is probably harmless.
>>>
>>> I would actually add the TXT record creation only to realmdomains-* and
>>> trigger it only in case we manage our DNS and DNS zone is there.
>>> This way a hook from dnszone-add will trigger adding TXT record back (via
>>> call to realmdomains-mod --add and then TXT record addition from there). Also
>>> the fact that admin added manually some domain to realmdomains mapping
>>> means that it is implied to be used in obtaining TGTs, so TXT record is
>>> helpful there as well.
>>
>> Okay, it makes sense. We will see how it will work in reality.
>
> One more thing to check is that we don't do this for our own domain.

What do you mean? The TXT record? We create the TXT record in the 'first' IPA
domain (or at least I see these records in my test domains).

-- 
Petr Spacek



