GSS-TSIG update policy identity field
Mark Andrews
marka at isc.org
Wed May 11 11:17:29 UTC 2011
To match machines in the EXAMPLE.COM realm you would use one of these.
Windows uses the following sort of identity for machines
machinename$@EXAMPLE.COM
grant EXAMPLE.COM ms-self * any;
grant EXAMPLE.COM ms-subdomain * any;
Kerberos uses the following identities for machines
host/machinename at EXAMPLE.COM
grant EXAMPLE.COM krb5-self * any;
grant EXAMPLE.COM krb5-subdomain * any;
{ms,krb5}-self allows updates of machinename
{ms,krb5}-subdomain allows updates of *.machinename
For ordinary users there isn't a mapping which turns user at REALM into
user.realm
grant user at realm subdomain example.test any.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list