mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-16 18:35:01 -06:00
673d2b82d0
The IPA location system relies on DNS record priorities in order to give higher precedence to servers from the same location. For Kerberos, this is done by redirecting generic SRV records (e.g. _kerberos._udp.[domain].) to location-aware records (e.g. _kerberos._udp.[location]._locations.[domain].) using CNAMEs. This commit applies the same logic for URI records. URI location-aware record were created, but there were no redirection from generic URI records. It was causing them to be ignored in practice. Kerberos URI and TXT records have the same name: "_kerberos". However, CNAME records cannot coexist with any other record type. To avoid this conflict, the generic TXT realm record was replaced by location-aware records, even if the content of these records is the same for all locations. Fixes: https://pagure.io/freeipa/issue/9257 Signed-off-by: Julien Rische <jrische@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| adtrust.py | ||
| ca_renewal_master.py | ||
| dns.py | ||
| fix_kra_people_entry.py | ||
| fix_replica_agreements.py | ||
| rename_managed.py | ||
| update_ca_topology.py | ||
| update_changelog_maxage.py | ||
| update_dna_shared_config.py | ||
| update_fix_duplicate_cacrt_in_ldap.py | ||
| update_idranges.py | ||
| update_ldap_server_list.py | ||
| update_managed_permissions.py | ||
| update_nis.py | ||
| update_pacs.py | ||
| update_passsync.py | ||
| update_pwpolicy.py | ||
| update_ra_cert_store.py | ||
| update_referint.py | ||
| update_services.py | ||
| update_unhashed_password.py | ||
| update_uniqueness.py | ||
| upload_cacrt.py | ||