mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
6c27104467
While [1] did open recursion, it also opened widely a security flaw.
This patch intends to close it back, while allowing operators to easily
add their open configuration within Bind9.
In order to allow operators to still open Bind recursion, a new file is
introduced, "ipa-ext.conf" (path might change according to the OS). This
file is not managed by the installer, meaning changes to it won't be
overridden.
Since it's included at the very end of the main configuration file, it
also allows to override some defaults - of course, operators have to be
careful with that.
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1754530
Fixes: https://pagure.io/freeipa/issue/8079
[1]
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| constants.py | ||
| paths.py | ||
| services.py | ||
| tasks.py | ||