URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: opened
PR body: """ Allows to specify auth method for DNS PTR updates. Default to same as dyndns_auth. """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """ See issue https://github.com/SSSD/sssd/issues/5274 """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-675923680
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: +Waiting for review
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """ @sumit-bose , could you have a look at this PR? """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-681910420
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
sumit-bose commented: """ Hi,
thank you for the patch. Except a minor issue I'm fine with the patch.
I wonder if you can give an example configuration how to configure a DNS server for asymmetrical authentication so that the patch can be tested properly.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-684703946
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
alexey-tikhonov commented: """ Is there any reason to have two patches instead squashing into single? """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685037385
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """
Is there any reason to have two patches instead squashing into single?
Just wanted to show what I changed, I can squash into one commit, NP """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685070637
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """
Hi,
thank you for the patch. Except a minor issue I'm fine with the patch.
Thanks
I wonder if you can give an example configuration how to configure a DNS server for asymmetrical authentication so that the patch can be tested properly.
I cannot, don't have access to these servers. Sorry
"""
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685071593
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
alexey-tikhonov commented: """
Is there any reason to have two patches instead squashing into single?
Just wanted to show what I changed, I can squash into one commit, NP
Thank you. """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-685366334
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """ I would really appreciate if this could be merged to master, then I can install sssd on a few more computers that uses master """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-688194108
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """ @sumit-bose , mind setting this PR in Reviewed status? """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-692733807
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
sumit-bose commented: """ Hi,
I'm fine with the patch but I still would like to understand how to test this behavior. Which settings do you need for your environment
dyndns_auth = none dyndns_auth_ptr = GSS-TSIG
or the other way round?
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-693202438
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """
Hi,
I'm fine with the patch but I still would like to understand how to test this behavior. Which settings do you need for your environment
dyndns_auth = none dyndns_auth_ptr = GSS-TSIG
Yes, that way. Still too much legacy EQ not speaking GSS-TSIG so only GSS-TSIG on RDNS """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-693211402
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
sumit-bose commented: """ Hi,
after some reading I tested this patch with the bind update policy `grant * tcp-self * PTR;` for the reverse zone. This allows a client with a matching IP address to update its own record without any special TSIG key. But so far I was not able to reject all other types of updates so in my test environment gss-tsig for the reverse zone worked as well, but by checking the logs on the client and server side I could see that gss-tsig was only used to update the entry for the forward zone while no keys where used to update the reverse zone.
Al least in my test setup I had to add
dyndns_force_tcp = True dyndns_server = ipaserver75.rhel75.devel
besides `dyndns_auth_ptr = none` because the version of `nsupdate` I used was not able to automatically switch to TCP (required by bind to allow the update) and also didn't pick the right DNS server for the update of the reverse zone.
Nevertheless, all tests were working as expected, so ACK.
Thanks for your patience.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-699824497
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: -Waiting for review
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
pbrezina commented: """ Do I understand it correctly that this patch fixes https://github.com/SSSD/sssd/issues/5274? If yes, can you please add:
``` Resolves: https://github.com/SSSD/sssd/issues/5274? ```
to the commit message? """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-700613044
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
joakim-tjernlund commented: """
Do I understand it correctly that this patch fixes #5274? If yes, can you please add:
Resolves: https://github.com/SSSD/sssd/issues/5274to the commit message?
Done """
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-700644442
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5283
* `master` * 0b069085cc6cb472b6c8841a26107ee1d48222ee - Add dyndns_auth_ptr support
"""
See the full comment at https://github.com/SSSD/sssd/pull/5283#issuecomment-700667271
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5283 Title: #5283: Add dyndns_auth_ptr support
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283
sssd-devel@lists.fedorahosted.org
-
alexey-tikhonov -
joakim-tjernlund
-
pbrezina
-
sumit-bose