diff --git a/doc/arm/advanced.inc.rst b/doc/arm/advanced.inc.rst index 5ebb6a3dc9..34665fc444 100644 --- a/doc/arm/advanced.inc.rst +++ b/doc/arm/advanced.inc.rst @@ -31,11 +31,10 @@ are permitted for the key ``local-ddns``, which is generated by :iscman:`named` at startup. See :ref:`dynamic_update_policies` for more details. Dynamic updates using Kerberos-signed requests can be made using the -TKEY/GSS protocol, either by setting the :any:`tkey-gssapi-keytab` option -or by setting both the :any:`tkey-gssapi-credential` and -:any:`tkey-domain` options. Once enabled, Kerberos-signed requests are -matched against the update policies for the zone, using the Kerberos -principal as the signer for the request. +TKEY/GSS protocol, by setting the :any:`tkey-gssapi-keytab` option. +Once enabled, Kerberos-signed requests are matched against the update +policies for the zone, using the Kerberos principal as the signer for +the request. Updating of secure zones (zones using DNSSEC) follows :rfc:`3007`: RRSIG, NSEC, and NSEC3 records affected by updates are automatically regenerated diff --git a/doc/misc/options b/doc/misc/options index 01b000e6cc..b05e7f2607 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -303,7 +303,7 @@ options { tcp-receive-buffer ; tcp-send-buffer ; tkey-domain ; - tkey-gssapi-credential ; + tkey-gssapi-credential ; // deprecated tkey-gssapi-keytab ; tls-port ; transfer-format ( many-answers | one-answer ); diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 6c7469e46d..711360d992 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1349,7 +1349,8 @@ static cfg_clausedef_t options_clauses[] = { { "tcp-send-buffer", &cfg_type_uint32, 0 }, { "tkey-dhkey", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "tkey-domain", &cfg_type_qstring, 0 }, - { "tkey-gssapi-credential", &cfg_type_qstring, 0 }, + { "tkey-gssapi-credential", &cfg_type_qstring, + CFG_CLAUSEFLAG_DEPRECATED }, { "tkey-gssapi-keytab", &cfg_type_qstring, 0 }, { "transfer-message-size", &cfg_type_uint32, 0 }, { "transfers-in", &cfg_type_uint32, 0 },