GSS TSIG configuration

Greg.Rabil at ins.com Greg.Rabil at ins.com
Mon Nov 12 21:36:35 UTC 2007 

I am attempting to test the BIND 9.5.0a6 release with respect to the
GSS-API support for allowing Microsoft clients to perform GSS-TSIG based
dynamic updates.  I have the krb5.conf and krb5.keytab files configured
and working properly (verified via kinit).  My named.conf has the
following configuration:
 

options {

....

   tkey-gssapi-credential "DNS/bind-950a6.company.com";

   tkey-domain "company.com";

....

}

 

zone "company.com" {

   type master;

   file "db.company.com";

   update-policy { grant * self * ; };

}

 

What is not clear to me from the BIND 9 ARM available within the 9.5.0a6
release is what the exact syntax should be for the 'update-policy'
statement in the zone.  Can someone provide any further information on
the details of testing this GSS TSIG support, and particularly the
configuration of the 'update-policy' or 'allow-update' statements
required to support this.

 

Regards,

Greg

 

A. Gregory Rabil | Lead Software Architect | BT Diamond IP | 

Tel: +1 (610) 423-4770 | Fax: +1 (610) 423-4774 | Greg.Rabil at bt.com
<mailto:Karen.Pell at bt.com>  |  http://bt.diamondip.com
<http://bt.diamondip.com>    

 

This electronic message contains information from BT INS, Inc, which may
be privileged 

or confidential.  The information is intended for use only by the
individual(s) or entity named above.  If you 

are not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of 

this information is strictly prohibited.  If you have received this
electronic message in error, please notify

me by telephone or email (to the number or email address above)
immediately.

 

Activity and use of the BT INS, Inc  e-mail system is monitored to
secure its effective 

operation and for other lawful business purposes. Communications using
this system will also be monitored

and may be recorded to secure effective operation and for other lawful
business purposes.

 

BT INS Inc, 1600 Memorex Drive, Suite 200, Santa Clara California
95050-2842 ,United States

More information about the bind-users mailing list