[Freeipa-devel] [PATCH] 376-377 Use tkey-gssapi-keytab in named.conf
Petr Spacek
pspacek at redhat.com
Fri Mar 8 08:49:40 UTC 2013
On 8.3.2013 00:14, Rob Crittenden wrote:
> Martin Kosek wrote:
>> Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential
>> and tkey-domain and replace them with tkey-gssapi-keytab which avoids
>> unnecessary Kerberos checks on BIND startup and can cause issues when
>> KDC is not available.
>>
>> Both new and current IPA installations are updated.
>>
>> https://fedorahosted.org/freeipa/ticket/3429
>>
>
> Still reviewing this but I noticed that after upgrading my 3.1.99 server
> pre-patch to with with-patch version the connections argument in named.conf
> got set to 4 (courtesy of ipa-upgradeconfig). Should we be setting that to 4
> during the initial install too?
For 3.2 it doesn't matter. Anything >= 2 should be okay, but more connections
should not harm.
Higher value should allow higher level of parallelism, it is one of tuning
parameters. Value 4 was necessary to prevent deadlocks in some previous
versions of bind-dyndb-ldap.
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list