On 8.3.2013 00:14, Rob Crittenden wrote:
Martin Kosek wrote:
Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential
and tkey-domain and replace them with tkey-gssapi-keytab which avoids
unnecessary Kerberos checks on BIND startup and can cause issues when
KDC is not available.
Both new and current IPA installations are updated.
Still reviewing this but I noticed that after upgrading my 3.1.99 server
pre-patch to with with-patch version the connections argument in named.conf
got set to 4 (courtesy of ipa-upgradeconfig). Should we be setting that to 4
during the initial install too?
For 3.2 it doesn't matter. Anything >= 2 should be okay, but more connections
should not harm.
Higher value should allow higher level of parallelism, it is one of tuning
parameters. Value 4 was necessary to prevent deadlocks in some previous
versions of bind-dyndb-ldap.
Freeipa-devel mailing list