patches to make bind9 with TKEY/GSS updates easier to configure
abartlet at samba.org
Fri Dec 3 22:52:50 UTC 2010
On Fri, 2010-12-03 at 22:47 +0000, Love Hörnquist Åstrand wrote:
> Hello tridge,
> > > An alternative is to use the GSS_C_DELEG_POLICY_FLAG which only
> > > delegates if the admin of the domain have said its ok to delegate
> > > to that host.
> > Would you recommend that we add it?
> > With my current patches the flags we're passing are:
> > GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG
> I would recommend what Microsoft sends + GSS_S_DELEG_POLICY_FLAG.
I'm pretty sure we removed the ability to forward for a good reason
however, so re-enabling this may expose other gremlins. I guess we now
need to look into and understand that better.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 190 bytes
Desc: This is a digitally signed message part
More information about the bind-workers