Hello,
thanx to all that helped me. Problem solved.
The main reason was this posted by phil
1. Ensure there is a prinicpal in your kerberos realm "DNS/
hostname.domain.com", matching the hostname of your DNS server
This is why I always got a wrong principal name.
Have a nice weekend,
cheers,
Hello Sergiu,
I tried to put in 2 credential Entries in the named.conf:
tkey-gssapi-credential "DNS/test.loc"; (that was in before)
tkey-gssapi-credential "USER/test.loc", (new entry)
tkey-domain "TEST.LOC";
The system didnt like the second entry for the user. So how can I put in 2
credentials, o
Hello Serjiu,
many thanx for your hint. This I was asking me too for some time. Because
the TGT is for the client name (principal) that is logged in at the moment
and the service should be always for the same principal name on any client.
So yes I will need to define 2 principals.
You wrote:
You s
: Jürgen Dietl
Regards,
Noe N.
HP Hostmaster
Sent from my iPhone.
On Dec 6, 2010, at 10:02 AM, "Jürgen Dietl" mailto:juergen.di...@googlemail.com>> wrote:
Hello Phil
thanx again for your answer. So I read between the lines that even if there
were bugfixes for GSSTSIG in Bind V.
Hello,
when you read my post before I try to make GSSTSIG run in a testlab
environment with 1 Windows Kerberos-Client, 3 x Kerberos-Server (VMWare) and
1 x DNS-BIND-LINUX-Server (Suse).
Bind-Version: 9.7.2
I do this now the 3rd week. I was reading a lot of books and manuals, doing
a lot of confi
Phil Mayers
> On 12/06/2010 03:18 PM, Jürgen Dietl wrote:
>
> The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
>> there a way to find out what principal it expects?
>>
>
> You can configure it:
>
>tkey-domain "YO
Hello Phil,
thanx for your answer.I dont know really what the server offers because I
dont get a valid response:
Frame 2475: 168 bytes on wire (1344 bits), 168 bytes captured (1344 bits)
Ethernet II, Src: xx, Dst: Vmware_x
Internet Protocol, Src: , Dst
Hello,
I am trying to allow the DNS-Client to do dynamic updates at the DNS-Server
using BIND. I want to use Kerberos as the security protocol. For that I have
a small test lab with a client, 3 Kerberos Server and one Suse Linux
DNS-Server. The 3 Kerberos-Server are emulated with using VM-Ware.
8 matches
Mail list logo
