GSS-TSIG update policy identity field

Mark Andrews marka at isc.org
Wed May 11 13:32:54 UTC 2011


In message <BANLkTim7k4KYxYoz=awj9mwtCzvxB32Vog at mail.gmail.com>, Juergen Dietl 
writes:
> Hello Mark,
> 
> thanks for your answer.
> 
> Your first sentence may help me to understand why this is the client's
> credential that it needs in the rule:
> 
> WS-YBCL150939\$\@EXAMPLE.COM
> 
> So first is the hostname then the slash makes the $-sign just to be a normal
> letter and not variable for example, and the @example.com is the rest of how
> Windows uses the sort of identity.
> machinename$@EXAMPLE.COM

You don't need the backslashes in 9.8, earlier versions still need
the backslashes.  $ and @ are special characters in master files
which is why they were escaped.  We added name -> principal routines
in 9.8 which don't do unnecessary escapes.

> Is it normal that I have to put in the Windows identity in the named.conf
> and not the Kerberos identity?
> 
> So WS-YBCL150939\$\@EXAMPLE.COM and NOT host/WS-YBCL150939 at EXAMPLE.COM.

It depends on the network.

> What is host .....? I just know the principal as Service-Principal and there
> it's normally
> for example: DNS/lxdns10t.prim-dns.test1.test at EXAMPLE.TEST
> 
> thanx a lot for all your help,
> cheers,

There are multiple conventions.  Windows does it one way.  MIT does
it a different way.  named has code for both.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
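
An added example, not part of the original thread and not BIND's own code: a Python helper for reviewing update-policy identity strings, which removes the master-file backslash escapes discussed above and reports which of the two naming forms from the thread an identity follows. The function names and the convention labels are assumptions made for this example, and the sample identities are the thread's, written with a literal @.

```python
import re

# Master-file escaping: a backslash makes the following character literal.
_ESCAPE = re.compile(r"\\(.)")


def unescape_identity(identity):
    """Return the identity with backslash escapes removed."""
    return _ESCAPE.sub(r"\1", identity)


def classify_identity(identity):
    """Split an identity into its parts and label its naming form.

    The labels "windows-machine", "kerberos-service" and "plain" are
    names chosen for this example only.
    """
    principal = unescape_identity(identity)
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("not a name@REALM identity: %r" % identity)
    if "/" in name:
        # service/host@REALM, e.g. host/... or DNS/...
        service, _, host = name.partition("/")
        convention = "kerberos-service"
    elif name.endswith("$"):
        # machinename$@REALM, the Windows machine account form
        service, host = None, name[:-1]
        convention = "windows-machine"
    else:
        service, host = None, name
        convention = "plain"
    return {"principal": principal, "convention": convention,
            "service": service, "host": host, "realm": realm,
            "escaped": principal != identity}


# Sample identities taken from the thread (constructed input list).
SAMPLES = [
    r"WS-YBCL150939\$\@EXAMPLE.COM",
    "WS-YBCL150939$@EXAMPLE.COM",
    "host/WS-YBCL150939@EXAMPLE.COM",
    "DNS/lxdns10t.prim-dns.test1.test@EXAMPLE.TEST",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_identity(sample))
```

The escaped and unescaped Windows forms resolve to the same principal, which makes it easy to spot duplicate or leftover escaped rules when reviewing a configuration.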


