Review request: DNS server implementation

simo idra at
Wed Oct 13 06:51:17 MDT 2010

On Wed, 2010-10-13 at 14:37 +0200, Michael Wood wrote:

> I am sure this is not what tridge is referring to, but I'd much prefer
> a command line option or something I can put into named.conf to
> specify the keytab file to use instead of relying on an environment
> variable.

Although having an option in named would be nice, the env variable
approach is not too terrible. But it would be nice, yes.

> Also, on Ubuntu, when you enable the Kerberos stuff, bind wants to
> create a file called /var/tmp/DNS_104, which is denied by AppArmor.  I
> don't know if that name is constant or what happens if there's already
> a file/directory called that when bind starts, so my solution of
> telling AppArmor to allow it seems possibly fragile.

Looks like a Ubuntu security policy bug. Bind has had kerberos support
for a while, so they should test the configuration and fix the policy


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list