Problems with Bind-Kerberos-Windows-Linux
Jürgen Dietl
juergen.dietl at googlemail.com
Mon Dec 6 16:01:35 UTC 2010
Hello Phil
thanx again for your answer. So I read between the lines that even if there
were bugfixes for GSSTSIG in Bind V. 9.7.2 - it dont work. So we have to
wait until MS follow the standards? :-)
Forgive me but what is a disjoint domain environment?
thanx a lot,
cheers,
Juergen
2010/12/6 Phil Mayers <p.mayers at imperial.ac.uk>
> On 12/06/2010 03:18 PM, Jürgen Dietl wrote:
>
> The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
>> there a way to find out what principal it expects?
>>
>
> You can configure it:
>
> tkey-domain "YOUR.DOMAIN";
> tkey-gssapi-credential "DNS/hostname.your.domain";
>
> (I've never managed to make this work under bind, FWIW. Even when I did get
> the kerberos working, the ms-self ACL turns out to be useless in a disjoint
> domain environment)
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20101206/06eaaf18/attachment.html>
More information about the bind-users
mailing list