[Freeipa-devel] [PATCH] 0017 Integrate realmdomains with IPA DNS

Ana Krivokapic akrivoka at redhat.com
Thu Apr 11 12:35:29 UTC 2013


On 04/11/2013 01:43 PM, Alexander Bokovoy wrote:
> On Thu, 11 Apr 2013, Petr Spacek wrote:
>> On 11.4.2013 13:24, Alexander Bokovoy wrote:
>>> On Thu, 11 Apr 2013, Petr Spacek wrote:
>>>> On 11.4.2013 13:09, Ana Krivokapic wrote:
>>>>> Integrate realmdomains with IPA DNS
>>>>>
>>>>> Add an entry to realmdomains when a DNS zone is added to IPA.
>>>>> Delete the related entry from realmdomains when the DNS zone is
>>>>> deleted from IPA.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/3544
>>>>
>>>> I would add a TXT record as I described in
>>>> https://fedorahosted.org/freeipa/ticket/3544#comment:8
>>>>
>>>> This integration probably should go to both commands, realmdomains-*
>>>> and dnszone-*.
>>>>
>>>> Any objections? AB?
>>> Adding TXT record is probably harmless.
>>>
>>> I would actually add the TXT record creation only to realmdomains-* and
>>> trigger it only in case we manage our DNS and DNS zone is there.
>>> This way a hook from dnszone-add will trigger adding TXT record back
>>> (via call to realmdomains-mod --add and then TXT record addition from
>>> there). Also the fact that admin added manually some domain to
>>> realmdomains mapping means that it is implied to be used in obtaining
>>> TGTs, so TXT record is helpful there as well.
>>
>> Okay, it makes sense. We will see how it will work in reality.
>
> One more thing to check is that we don't do this for our own domain.
>

Our own domain is already in realmdomains by default, and it cannot be
removed from there. So I don't think any check related to our domain is
necessary.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.



