Problems with Bind-Kerberos-Windows-Linux

Jürgen Dietl juergen.dietl at
Mon Dec 6 16:01:35 UTC 2010

Hello Phil
thanx again for your answer. So I read between the lines that even if there
were bugfixes for GSSTSIG in Bind V. 9.7.2 - it dont work. So we have to
wait until MS follow the standards? :-)

Forgive me but what is a disjoint domain environment?

thanx a lot,

2010/12/6 Phil Mayers <p.mayers at>

> On 12/06/2010 03:18 PM, Jürgen Dietl wrote:
>  The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
>> there a way to find out what principal it expects?
> You can configure it:
>        tkey-domain "YOUR.DOMAIN";
>        tkey-gssapi-credential "DNS/hostname.your.domain";
> (I've never managed to make this work under bind, FWIW. Even when I did get
> the kerberos working, the ms-self ACL turns out to be useless in a disjoint
> domain environment)
> _______________________________________________
> bind-users mailing list
> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list