diff options
| author | Tomek Mrugalski <tomek@isc.org> | 2022-06-24 10:29:47 +0200 |
|---|---|---|
| committer | Tomek Mrugalski <tomek@isc.org> | 2022-06-24 10:29:47 +0200 |
| commit | ad90c809cec91bae7ef87b0c93772124a22df407 (patch) | |
| tree | 233f3f0a7153519587ab3946894ed37186eaf830 /doc/examples | |
| parent | [#2247] Rephrased text (diff) | |
| download | kea-ad90c809cec91bae7ef87b0c93772124a22df407.tar.xz kea-ad90c809cec91bae7ef87b0c93772124a22df407.zip | |
[#2247] gss-tsig example configs updated
Diffstat (limited to 'doc/examples')
| -rw-r--r-- | doc/examples/ddns/gss-tsig.json | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/doc/examples/ddns/gss-tsig.json b/doc/examples/ddns/gss-tsig.json index 0cc324df74..e98a2ef667 100644 --- a/doc/examples/ddns/gss-tsig.json +++ b/doc/examples/ddns/gss-tsig.json @@ -56,7 +56,7 @@ ] }, - // Need to add gss-tsig hook here + // The GSS-TSIG hook is loaded and its configuration is specified here. "hooks-libraries": [ { "library": "/opt/lib/libddns_gss_tsig.so", @@ -69,8 +69,15 @@ "server-principal": "DNS/server.example.org@EXAMPLE.ORG", "client-principal": "DHCP/admin.example.org@EXAMPLE.ORG", - "client-keytab": "FILE:/etc/dhcp.keytab", // toplevel only - "credentials-cache": "FILE:/etc/ccache", // toplevel only + + // client-keytab and credentials-cache can both be used to + // store client keys. As credentials cache is more flexible, + // it is recommended to use it. Typically, using both at the + // same time may cause problems. + // + // "client-keytab": "FILE:/etc/dhcp.keytab", // toplevel only + "credentials-cache": "FILE:/etc/ccache", // toplevel only + "tkey-lifetime": 3600, // 1 hour "rekey-interval": 2700, // 45 minutes "retry-interval": 120, // 2 minutes |