Re: gss-tsig updates where realm != zone

2012-05-29 Thread Mark Andrews
If you need a different mapping then use "external" to do a customised mapping from Kerberos identity to the DNS identity. ms-* and krb5-* assume a standard mapping. From ARM: external: This rule allows named to defer the decision of whether to allow a given update to an external daemon. The

gss-tsig updates where realm != zone

2012-05-29 Thread David Monro
Disclaimer: I'm new to trying gss-tsig as an update method, so it is entirely possible I'm doing something completely stupid. I'm using bind 9.7.3 (because it ships with RedHat 6), with an Active Directory as the Kerberos infrastructure. If I use the following update-policy: grant * subdomain my