mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 06:19:59 -04:00
73197feec7
Since the "tkey-gssapi-credential" statement is now deprecated and is
about to be removed, migrate the only system test using it ("nsupdate")
to "tkey-gssapi-keytab".
Currently, the GSS-TSIG parts of the "nsupdate" system test require
properly setting up a combination of:
- "tkey-gssapi-credential" statements in named.conf files,
- the KRB5_KTNAME environment variable.
Specifically, this configuration causes named startup to include
acquiring the credential that GSS-API is allowed to match keys against
from a keytab file specified by the KRB5_KTNAME environment variable.
By contrast, the revised configuration uses the "tkey-gssapi-keytab"
statement, which makes GSS-API match keys against any credential present
in the specified keytab file.
Since both keytabs in question (ns9/dns.keytab, ns10/dns.keytab) only
contain a single credential, the two configurations are functionally
equivalent, with the revised one being significantly more readable and
simpler to prepare.
|
||
|---|---|---|
| .. | ||
| ans4 | ||
| CA | ||
| krb | ||
| ns1 | ||
| ns2 | ||
| ns3 | ||
| ns5 | ||
| ns6 | ||
| ns7 | ||
| ns8 | ||
| ns9 | ||
| ns10 | ||
| .gitignore | ||
| commandlist | ||
| dhparam3072.pem | ||
| knowngood.ns1.after | ||
| knowngood.ns1.afterstop | ||
| knowngood.ns1.before | ||
| prereq.sh | ||
| resolv.conf | ||
| setup.sh | ||
| tests.sh | ||
| tests_sh_nsupdate.py | ||
| update_test.pl | ||
| verylarge.in | ||