On 8.3.2013 00:14, Rob Crittenden wrote:
Martin Kosek wrote:
Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential
and tkey-domain and replace them with tkey-gssapi-keytab which avoids
unnecessary Kerberos checks on BIND startup and can cause issues when
KDC is not available.

Both new and current IPA installations are updated.


Still reviewing this but I noticed that after upgrading my 3.1.99 server
pre-patch to with with-patch version the connections argument in named.conf
got set to 4 (courtesy of ipa-upgradeconfig). Should we be setting that to 4
during the initial install too?

For 3.2 it doesn't matter. Anything >= 2 should be okay, but more connections should not harm.

Higher value should allow higher level of parallelism, it is one of tuning parameters. Value 4 was necessary to prevent deadlocks in some previous versions of bind-dyndb-ldap.

Petr^2 Spacek

Freeipa-devel mailing list

Reply via email to