Hello,

I run GSS-TSIG on a SuSE Enterprise 11 Server using bind 9.8 latest version.

I have 3 domains:

example1.test
example2.test
example3.test

I created 3 keys and merged them with ktutil. Now I want to use update policy. For this I have the following rule:

    update-policy { grant * subdomain example1.test. ANY; };

Works perfect. But the asterisk stands for the identity field. The rule is:

    (grant | deny) identity nametype [name] [types]

Works also perfect, but if I use a wildcard as identity then multiple identities are allowed to do dns-update. >> The goal is that only the client itself is allowed to update its own address. << So I must put in some other content instead of the asterisk. And there I need your help.

I use GSS-TSIG and the handbook says that in gss-tsig the content of the identity field is the common secret which is the kerberos principal. So I tried about 100 combinations like:

    grant DNS/user.example1.t...@example1.test subdomain example1.test ANY

I always get a refuse. What should I put in as the identity field?

thanx for all your help,
cheers,