GSS-TSIG update policy identity field
isclists01 at googlemail.com
Wed May 11 08:01:03 UTC 2011
I run GSS-TSIG on a SuSE Enterprise 11 Server using bind 9.8 latest version.
I have 3 domains:
I created 3 keys and merged them with ktutil.
Now I want to use update policy:
For this I have the following rule:
grant * subdomain example1.test. ANY;
Works perfectly. But the asterisk stands for the identity field.
The rule is:
(grant | deny) identity nametype [name] [types]
This also works perfectly, but if I use a wildcard as identity then multiple
identities are allowed to do dns-update.
>> The goal is that only the client itself is allowed to update its own
So I must put in some other content instead of the asterisk. And there I need
I use GSS-TSIG and the handbook says that in gss-tsig the content of the
identity field is the common secret which is the Kerberos principal.
So I tried about 100 combinations like:
grant DNS/user.example1.test@EXAMPLE1.TEST subdomain example1.test ANY
I always get a refuse. What should I put in as the identity field?
Thanks for all your help,
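
The following is an added example, not part of the original post and not BIND's own code: a small lint that parses update-policy rules using the grammar quoted above and reports `grant` rules whose identity is a bare wildcard. The `NAME_SCOPED` set and the third sample rule are assumptions made for illustration.

```python
# Added example: lint BIND update-policy rules for wildcard identities.
# Grammar from the post: (grant | deny) identity nametype [name] [types]
from typing import NamedTuple

class Rule(NamedTuple):
    action: str
    identity: str
    nametype: str
    name: str      # "" when omitted
    types: tuple   # () when omitted

# Assumption: nametypes where only the name field limits which records
# may be changed, so a wildcard identity admits every authenticated signer.
NAME_SCOPED = {"name", "subdomain", "wildcard"}

def parse_rule(line):
    """Parse one rule; return None for blanks, comments and non-rules."""
    text = line.split("//")[0].split("#")[0].strip().rstrip(";").strip()
    fields = text.split()
    if len(fields) < 3 or fields[0] not in ("grant", "deny"):
        return None
    action, identity, nametype, *rest = fields
    name = rest[0] if rest else ""
    return Rule(action, identity, nametype, name, tuple(rest[1:]))

def wildcard_grants(policy_text):
    """Return grant rules that let any authenticated identity update in-scope names."""
    findings = []
    for line in policy_text.splitlines():
        rule = parse_rule(line)
        if (rule and rule.action == "grant" and rule.identity == "*"
                and rule.nametype in NAME_SCOPED):
            findings.append(rule)
    return findings

# Constructed sample: the first two rules are the ones quoted in the post,
# the third is hypothetical.
SAMPLE = """
grant * subdomain example1.test. ANY;
grant DNS/user.example1.test@EXAMPLE1.TEST subdomain example1.test ANY
deny * subdomain internal.example1.test. ANY;   // hypothetical rule
"""

if __name__ == "__main__":
    for r in wildcard_grants(SAMPLE):
        print(f"wildcard identity: any signer may update {r.nametype} {r.name} {r.types}")
```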