Re: gss-tsig updates where realm != zone

2012-05-30 Thread David Monro
OK, I've built myself a bind 9.8.3 setup so I can use the 'external' update-policy. It seems there are a few details not fully described in the 9.8.3 ARM :) I did have a bit of a look at the list archives but I couldn't find anything which immediately answered my questions... * If the external da

Re: gss-tsig updates where realm != zone

2012-05-29 Thread Mark Andrews
If you need a different mapping then use "external" to do a customised mapping from kerberos identity to the dns identity. ms-* and krb5-* assume a standard mapping. From ARM: external: This rule allows named to defer the decision of whether to allow a given update to an external daemon. The

gss-tsig updates where realm != zone

2012-05-29 Thread David Monro
Disclaimer: I'm new to trying gss-tsig as an update method, so it is entirely possible I'm doing something completely stupid. I'm using bind 9.7.3 (because it ships with RedHat 6), with an Active Directory as the kerberos infrastructure. If I use the following update-policy: grant * subdomain my