svn commit: samba r24910 - in branches/SAMBA_4_0_RELEASE/source/setup: .

abartlet at samba.org abartlet at samba.org
Sun Sep 2 23:29:49 GMT 2007


Author: abartlet
Date: 2007-09-02 23:29:48 +0000 (Sun, 02 Sep 2007)
New Revision: 24910

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24910

Log:
Merge named.conf patch by Andrew Kroeger <andrew at sprocks.gotdns.com>
into release branch.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0_RELEASE/source/setup/named.conf


Changeset:
Modified: branches/SAMBA_4_0_RELEASE/source/setup/named.conf
===================================================================
--- branches/SAMBA_4_0_RELEASE/source/setup/named.conf	2007-09-02 23:28:00 UTC (rev 24909)
+++ branches/SAMBA_4_0_RELEASE/source/setup/named.conf	2007-09-02 23:29:48 UTC (rev 24910)
@@ -4,7 +4,7 @@
 #
 
 #insert this into options {}
-tkey-gssapi-credential "DNS/${DNSDOMAIN}"
+tkey-gssapi-credential "DNS/${DNSDOMAIN}";
 tkey-domain "${REALM}";
 
 #the zone file
@@ -19,9 +19,18 @@
 };
 
 # Also, you need to change your init scripts to set this environment variable
-# for named: KRB_KTNAME so that it points to the keytab generated.
+# for named: KRB5_KTNAME so that it points to the keytab generated.
 # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
-# line to the /etc/sysconfig/named file
-# export KRB_KTNAME=/etc/named.keytab
-
-# *TODO*: generate and install a keytab file in /etc/named.keytab
+# line to the /etc/sysconfig/named file:
+# export KRB5_KTNAME=${DNS_KEYTAB}
+#
+# Please note that most distributions have BIND configured to run under
+# a non-root user account.  For example, Fedora Core 6 (FC6) runs BIND as
+# the user "named" once the daemon relinquishes its rights.  Therefore,
+# the file "dns.keytab" must be readable by the user that BIND run as.
+# If BIND is running as a non-root user, the "dns.keytab" file must have its
+# permissions altered to allow thge daemon to read it.  In the FC6
+# example, execute the commands:
+# 
+# chgrp named /usr/local/samba/private/dns.keytab
+# chmod g+r /usr/local/samba/private/dns.keytab
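Review bot: The chgrp and chmod example at the end of this hunk hard-codes /usr/local/samba/private/dns.keytab, while the export line a few lines above it uses ${DNS_KEYTAB}; use the same substitution in both commands so the instructions stay correct when the keytab is provisioned somewhere else. Also, `chmod g+r` only adds the group read bit and leaves any other bits as they were, and since a keytab holds the service's long-term Kerberos key it would be safer to state the full intended mode (for example `chmod 640`) and to note that the read bit alone will not help if the directory containing the keytab is not searchable by the named group. Two wording nits in the new comment text: "thge daemon" should be "the daemon", and "that BIND run as" should be "that BIND runs as".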


