patches: Specify krb5_keytab in the named.conf template.

Timo Aaltonen 2023-02-21 19:48:17 +02:00
parent de8e6e5a8a
commit 2da091cd0e
3 changed files with 30 additions and 0 deletions

debian/changelog

@ -2,6 +2,7 @@ freeipa (4.10.1-1) UNRELEASED; urgency=medium
* New upstream release.
* control: Bump sssd, bind9 depends.
* patches: Specify krb5_keytab in the named.conf template.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 21 Feb 2023 10:13:42 +0200
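Review bot: The new changelog bullet says what the patch does but not what it fixes or which file carries it. The patch description gives the symptom (named fails to start when the keytab path differs from the defaults), so consider naming install-fix-missing-dyndb-keytab-directive.diff and that symptom in the entry, so that someone reading the changelog after an upgrade can tie a DNS start-up failure to this change.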


@ -0,0 +1,28 @@
From 9d8c285a2eb32f4097ff562c14a3f4f4e0dca140 Mon Sep 17 00:00:00 2001
From: Jarl Gullberg <jarl.gullberg@gmail.com>
Date: Mon, 20 Feb 2023 19:32:20 +0100
Subject: [PATCH] install: Fix missing dyndb keytab directive
bind-dyndb-ldap uses the krb5_keytab directive to set the path to
the keytab to use. This directive was not being used in the
configuration template, resulting in a failure to start named if
the keytab path differed from the defaults.
This issue was discovered when packaging FreeIPA for Debian,
which is one of the platforms where the path is customized.
Signed-off-by: Jarl Gullberg <jarl.gullberg@gmail.com>
---
install/share/bind.named.conf.template | 1 +
1 file changed, 1 insertion(+)
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 28c21d0a7ab..01b77c5ae1c 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -58,4 +58,5 @@ dyndb "ipa" "$BIND_LDAP_SO" {
server_id "$FQDN";
auth_method "sasl";
sasl_mech "EXTERNAL";
+ krb5_keytab "FILE:$NAMED_KEYTAB";
};
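Review bot: The added line `krb5_keytab "FILE:$NAMED_KEYTAB";` hard-codes the FILE: keytab type in the template, so it is only correct while $NAMED_KEYTAB expands to a bare filesystem path; a platform value that already carried a type prefix would render as FILE:FILE:... and point named at a keytab that does not exist. Please state that assumption in the patch description. The context lines also show `sasl_mech "EXTERNAL"`, and the description does not explain why the keytab path still matters with that mechanism; one sentence on which code path reads it would make the fix easier to verify.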


@ -1,4 +1,5 @@
# upstreamed
install-fix-missing-dyndb-keytab-directive.diff
# not upstreamable
dnssec-race-wa.diff
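Review bot: The new series entry is filed under "# upstreamed", but the patch header it points to carries only From, Date, Subject and Signed-off-by, with no reference to where it was submitted or merged upstream. Adding a DEP-3 style Origin or Applied-Upstream field to the patch would let the next maintainer confirm when it can be dropped from the series.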