[1643] Documentation

4fea1ab5 · Michal 'vorner' Vaner · 719a5941 · 4fea1ab5 · 4fea1ab5
Commit 4fea1ab5 authored Feb 20, 2012 by Michal 'vorner' Vaner
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 27 deletions

doc/guide/bind10-guide.xml doc/guide/bind10-guide.xml +5 -13

src/bin/xfrout/b10-xfrout.xml src/bin/xfrout/b10-xfrout.xml +0 -14

No files found.
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1629,31 +1629,23 @@ Xfrout/transfer_acl[0]	{"action": "ACCEPT"}	any	(default)</screen>
    </simpara></note>

    <para>
-      If you want to require TSIG in access control, a separate TSIG
-      "key ring" must be configured specifically
-      for <command>b10-xfrout</command> as well as a system wide
-      key ring, both containing a consistent set of keys.
+      If you want to require TSIG in access control, a system wide TSIG
+      "key ring" must be configured.
      For example, to change the previous example to allowing requests
      from 192.0.2.1 signed by a TSIG with a key name of
      "key.example", you'll need to do this:
    </para>

    <screen>&gt; <userinput>config set tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
-&gt; <userinput>config set Xfrout/tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
 &gt; <userinput>config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "192.0.2.1", "key": "key.example"}]</userinput>
 &gt; <userinput>config commit</userinput></screen>

-    <para>
-      The first line of configuration defines a system wide key ring.
-      This is necessary because the <command>b10-auth</command> server
-      also checks TSIGs and it uses the system wide configuration.
-    </para>
+    <param>Both Xfrout and Auth will use the system wide keyring to check
+    TSIGs in the incomming messages and to sign responses.</param>

    <note><simpara>
-        In a future version, <command>b10-xfrout</command> will also
-        use the system wide TSIG configuration.
        The way to specify zone specific configuration (ACLs, etc) is
-        likely to be changed, too.
+        likely to be changed.
    </simpara></note>

 <!--

--- a/src/bin/xfrout/b10-xfrout.xml
+++ b/src/bin/xfrout/b10-xfrout.xml
@@ -97,13 +97,6 @@
      defines the maximum number of outgoing zone transfers
      that can run concurrently. The default is 10.
    </para>
-    <para>
-      <varname>tsig_key_ring</varname>
-      A list of TSIG keys (each of which is in the form of
-      <replaceable>name:base64-key[:algorithm]</replaceable>)
-      used for access control on transfer requests.
-      The default is an empty list.
-    </para>
    <para>
      <varname>transfer_acl</varname>
      A list of ACL elements that apply to all transfer requests by
@@ -160,13 +153,6 @@
    </simpara></note>


-<!--
-
-tsig_key_ring list of
-tsig_key string
-
-->
-
 <!-- TODO: formating -->
    <para>
      The configuration commands are: