Summary: | dns/samba-nsupdate supersede/replace port with dns/bind-tools | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Michael Osipov <michael.osipov> |
Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> |
Status: | Closed Overcome By Events | ||
Severity: | Affects Many People | CC: | mat, rakuco, timur, w.schwarzenfeld |
Priority: | --- | ||
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Michael Osipov
2017-03-17 14:51:29 UTC
(In reply to Michael Osipov from comment #0) I would be glad to use bind-tools instead of samba-nsupdate, but, unfortunately, by default they are build without any Kerbero5 support, hence no signing of the requests. I guess, samba-nsupdate should be updated to use same setup as bind-tools, but enforce system-wide Heimdal kerberos, leaving other options to the port builders. And we need cooperation from the bind* port maintainer. You can just create it as a SLAVE port of dns/bind-tools, enabling kerberos as you go. (In reply to Timur I. Bakeyev from comment #1) I am confused: you can select (make config) your GSS-API flavor. Doesn't this do for you? Any advance here? (In reply to Michael Osipov from comment #3) You have to do that manually. That absolutelly not what I/we/end user want(s). Maybe there is a python alternative to nsupdate with signing enabled, need to check for that. Otherwise we stick to this "solution". (In reply to Timur I. Bakeyev from comment #5) I do use GSS-TSIG with Active Directory too but I don't see the issue calling 'make config'. Why not request to have Heimdal base to be on by default? samba-nsupdate was updated to the latest bind version. Should be enough for a while. |