Hello Dan Mahoney,
here the third message... Sorry, fpor the late answer, your message was
eaten by my samfilter and I found it today...
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Am 2011-05-10 23:42:58, hacktest Du folgendes herunter:
> I'm still not seeing it show up in bind
In message <4dca7893.5060...@imperial.ac.uk>, Phil Mayers writes:
> On 11/05/11 12:17, Mark Andrews wrote:
>
> > {ms,krb5}-subdomain allows updates of *.machinename
>
> One note - this isn't so handy if you have a disjoint namespace, where:
>
> machinename.*.example.com
>
> ...is what you want
On 11/05/11 14:55, Mark Andrews wrote:
In message<4dca7893.5060...@imperial.ac.uk>, Phil Mayers writes:
On 11/05/11 12:17, Mark Andrews wrote:
{ms,krb5}-subdomain allows updates of *.machinename
One note - this isn't so handy if you have a disjoint namespace, where:
machinename.*.example.c
Try:
grant EXAMPLE.TEST subdomain EXAMPLE.TEST ANY;
_
Nicholas Miller, ITS, University of Colorado at Boulder
On May 11, 2011, at 7:08 AM, Juergen Dietl wrote:
> Hello,
>
> and thanx for all your answeres.
>
> I want to ask the question
In message , Juergen Dietl
writes:
> Hello Mark,
>
> thanx for your anwer.
>
> Your first sentence maybe help me to understand why this is the client=B4s
> credential that it needs in the rule:
>
> WS-YBCL150939\$\@EXAMPLE.COM
>
> So fist is the hostname then the slash makes the $-sign just t
> So I look for a way that I can say that all clients from EXAMPLE.TEST are
> allowed to update their own record (or whatever).
Sounds like a task for update-policy external [1], but note that that
requires updates to be sent via TCP and not UDP. [2]
-JP
[1]: https://lists.isc.org/piperm
Hello Mark,
thanx for your anwer.
Your first sentence maybe help me to understand why this is the client´s
credential that it needs in the rule:
WS-YBCL150939\$\@EXAMPLE.COM
So fist is the hostname then the slash makes the $-sign just to be a normal
letter and not variable for example, and the
Hello,
and thanx for all your answeres.
I want to ask the question again in a shorter way:
If I look in the log the client tells the dns-server:
request has valid signature: WS-YBCL150939\$\@EXAMPLE.TEST
when I now put in the rule:
grant WS-YBCL150939\$\@EXAMPLE.TEST subdomain example.test. ANY
On 11/05/11 12:17, Mark Andrews wrote:
{ms,krb5}-subdomain allows updates of *.machinename
One note - this isn't so handy if you have a disjoint namespace, where:
machinename.*.example.com
...is what you want. We are in this boat, and can't use the built in
ACLs for this very reason.
_
To match machines in the EXAMPLE.COM realm you would use one of these.
Windows uses the following sort of identity for machines
machinename$@EXAMPLE.COM
grant EXAMPLE.COM ms-self * any;
grant EXAMPLE.COM ms-subdomain * any;
Kerberos uses the following identities for mac
Juergen,
> I use GSS-TSIG and the handbook says that in gss-tsig the content of the
> identity field ist the common secret which is the kerberos principal.
I believe you'll have to set `tkey-gssapi-credential' and `tkey-domain` for
this to work the way you want, though I do confess to not have a
Hello,
i run GSS-TSIG on a SuSE Enterprise 11 Server using bind 9.8 latest version.
I have 3 domains:
example1.test
example2.test
example3.test
I created 3 keys and merge them with ktutil.
Now I want to use update policy:
For this I have the follwoing rule:
update-policy {
grant * subdomain
12 matches
Mail list logo
