[Freeipa-devel] [PATCH 0244-0245] Add basic support for inline-signingSeparate raw and secure zones in Zone Register

Petr Spacek pspacek at redhat.com
Fri Apr 18 15:10:19 UTC 2014


Hello,

Add basic support for inline-signing.

Inline-signing is enabled for zones with idnsSecInlineSigning attribute = TRUE.

Limitations:
- Signing configuration is hardcoded in create_zone() as magic constants
- idnsSecInlineSigning attribute cannot be changed at run-time
- DNS updates are not supported
- Signing keys have to be pre-generated and stored in
   <dyndb-ldap working directory>/<ldap intance name>/<zone name>/keys
   directory before named is started

https://fedorahosted.org/bind-dyndb-ldap/ticket/56

-- 
Petr^2 Spacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind-dyndb-ldap-pspacek-0244-Separate-raw-and-secure-zones-in-Zone-Register.patch
Type: text/x-patch
Size: 13680 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140418/775579d1/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind-dyndb-ldap-pspacek-0245-Add-basic-support-for-inline-signing.patch
Type: text/x-patch
Size: 8663 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140418/775579d1/attachment-0001.bin>


More information about the Freeipa-devel mailing list