Martin Kosek wrote:
SSH public key support includes a feature to automatically add/update
client SSH fingerprints in SSHFP records. However, the update won't
work for zones created before this support was added as they don't
allow clients to update SSHFP records in their update policies.
This patch lets dns upgrade module extend the original policy
to allow the SSHFP dynamic updates. It updates only original
policy, we don't want it to overwrite custom user policies.
ACK if you add a block comment to gen_dns_update_policy() describing why
we need this update policy.
Freeipa-devel mailing list