Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 773327

Summary: The full dyndns update message should be logged into debug logs
Product: Red Hat Enterprise Linux 5 Reporter: Stephen Gallagher <sgallagh>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.8CC: grajaiya, jgalipea, jwest, prc, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.5.1-49.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 773326 Environment:
Last Closed: 2012-02-21 06:27:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 773326    
Bug Blocks: 748853, 784372    

Description Stephen Gallagher 2012-01-11 14:43:52 UTC 
+++ This bug was initially created as a clone of Bug #773326 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/893

Right now, the dynamic DNS update message is not logged anywhere. I suspect that the reason for not including it were security concerns.

I think the message should be logged, because the logs are readable by root only anyway and moreover the update message only contains the following data:

 * hostname of the client
 * IP addresses of clients's network interface (either the one the client uses to connect to LDAP or one selected in the sssd config file)
 * client DNS zone
 * Kerberos realm of the client
 * IPA server hostname

Adding the full nsupdate message would help in debugging dyndns issues as it would be possible to use the same message directly with nsupdate from the command line.
Comment 8 Gowrishankar Rajaiyan 2012-01-18 15:29:48 UTC 
Verified.

[root@ratchet ~]# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 49.el5                        Build Date: Tue 17 Jan 2012 01:30:04 PM EST
Install Date: Wed 18 Jan 2012 07:20:52 AM EST      Build Host: x86-003.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-49.el5.src.rpm
Size        : 3651337                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
[root@ratchet ~]#
Comment 9 errata-xmlrpc 2012-02-21 06:27:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0164.html