r24650: Some more instructions to make GSS-TSIG work
authorSimo Sorce <idra@samba.org>
Fri, 24 Aug 2007 13:21:43 +0000 (13:21 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 20:02:32 +0000 (15:02 -0500)
(This used to be commit 98350b35ab0b0f06cc9ddf8edaf3dfe705c3e5bf)

source4/setup/named.conf

index 56bb3e0f35b7f0191e270a783ec1cd10aee5ab87..eb5098ae3c8d34bb7da78d33b15f1da4557ed8d2 100644 (file)
@@ -1,10 +1,22 @@
 #
-# Insert this snippit into your named.conf or bind.conf to configure
+# Insert these snippets into your named.conf or bind.conf to configure
 # the BIND nameserver.
 #
 
+#insert this into options {}
+tkey-gssapi-credential "DNS/${DNSDOMAIN}"
+tkey-domain "${REALM}";
+
+#the zone file
 zone "${DNSDOMAIN}." IN {
         type master;
         file "${DNSDOMAIN}.zone";
 };
 
+# Also, you need to change your init scripts to set this environment variable
+# for named: KRB_KTNAME so that it points to the keytab generated.
+# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
+# line to the /etc/sysconfig/named file
+# export KRB_KTNAME=/etc/named.keytab
+
+# *TODO*: generate and install a keytab file in /etc/named.keytab
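Review bot: The added `tkey-gssapi-credential "DNS/${DNSDOMAIN}"` line has no terminating semicolon, so named will reject the options block once the snippet is pasted in; it should read `tkey-gssapi-credential "DNS/${DNSDOMAIN}";` like the `tkey-domain` line below it. The environment variable named in the trailing comment also looks wrong: MIT and Heimdal Kerberos read `KRB5_KTNAME`, not `KRB_KTNAME`, so as written named would most likely ignore the setting and fall back to the default keytab; suggest `# export KRB5_KTNAME=/etc/named.keytab`. Because that keytab holds the long-term key of the DNS service principal, the comment should also state that the file must be readable only by the account named runs as (for example owned by that account with mode 0600). The zone block still carries no update policy, so a short comment that these lines alone do not yet authorise any GSS-TSIG signed update would save the next reader some confusion.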