patches to make bind9 with TKEY/GSS updates easier to configure
Love Hörnquist Åstrand
lha at kth.se
Fri Dec 3 22:47:35 UTC 2010
Hello tridge,
>> An alternative is to use the GSS_C_DELEG_POLICY_FLAG which only
>> delegates if the admin of the domain have said its ok to delegate
>> to that host.
>
> Would you recommend that we add it?
>
> With my current patches the flags we're passing are:
>
> GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG
I would recommend what Microsoft sends + GSS_S_DELEG_POLICY_FLAG.
Love
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20101203/c12bcfbb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20101203/c12bcfbb/attachment.bin>
More information about the bind-workers
mailing list