Review request: DNS server implementation
simo
idra at samba.org
Wed Oct 13 06:51:17 MDT 2010
On Wed, 2010-10-13 at 14:37 +0200, Michael Wood wrote:
> I am sure this is not what tridge is referring to, but I'd much prefer
> a command line option or something I can put into named.conf to
> specify the keytab file to use instead of relying on an environment
> variable.
Although having an option in named would be nice, the env variable
approach is not too terrible. But it would be nice, yes.
> Also, on Ubuntu, when you enable the Kerberos stuff, bind wants to
> create a file called /var/tmp/DNS_104, which is denied by AppArmor. I
> don't know if that name is constant or what happens if there's already
> a file/directory called that when bind starts, so my solution of
> telling AppArmor to allow it seems possibly fragile.
Looks like an Ubuntu security policy bug. Bind has had Kerberos support
for a while, so they should test the configuration and fix the policy
accordingly.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>