patches to make bind9 with TKEY/GSS updates easier to configure
Andrew Bartlett
abartlet at samba.org
Fri Dec 3 22:52:50 UTC 2010
On Fri, 2010-12-03 at 22:47 +0000, Love Hörnquist Åstrand wrote:
> Hello tridge,
>
> > > An alternative is to use the GSS_C_DELEG_POLICY_FLAG which only
> > > delegates if the admin of the domain have said its ok to delegate
> > > to that host.
> >
> > Would you recommend that we add it?
> >
> > With my current patches the flags we're passing are:
> >
> > GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG
> >
>
>
> I would recommend what Microsoft sends + GSS_S_DELEG_POLICY_FLAG.
Thanks.
Tridge,
I'm pretty sure we removed the ability to forward for a good reason
however, so re-enabling this may expose other gremlins. I guess we now
need to look into and understand that better.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20101204/8e82d57b/attachment.bin>
More information about the bind-workers
mailing list