21e6cc6 DNSSEC: Make sure that current key state in LDAP matches key state in BIND

1 file Authored by pspacek 8 years ago, Committed by mbasti 8 years ago,
    DNSSEC: Make sure that current key state in LDAP matches key state in BIND
    
    We have to explicitly specify "none" value to prevent dnssec-keyfromlabel
    utility from using current time for keys without "publish" and "activate"
    timestamps.
    
    Previously this lead to situation where key was in (intermediate) state
    "generated" in OpenDNSSEC but BIND started to use this key for signing.
    
    https://fedorahosted.org/freeipa/ticket/5348
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>
    
        
file modified
+5 -1