Problems with Bind-Kerberos-Windows-Linux

Phil Mayers p.mayers at
Mon Dec 6 15:37:36 UTC 2010

On 12/06/2010 03:18 PM, Jürgen Dietl wrote:

> The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
> there a way to find out what principal it expects?

You can configure it:

         tkey-domain "YOUR.DOMAIN";
         tkey-gssapi-credential "DNS/hostname.your.domain";

(I've never managed to make this work under bind, FWIW. Even when I did 
get the kerberos working, the ms-self ACL turns out to be useless in a 
disjoint domain environment)

More information about the bind-users mailing list