kerberos dynamic DNS and the internal DNS server

Andrew Bartlett abartlet at
Fri Dec 30 04:43:23 MST 2011

On Fri, 2011-12-30 at 11:22 +0100, Kai Blin wrote:

> I disagree on the require part, at least for all clients, but I do agree
> that we need support for GSS-TSIG. No arguments there. All I'm saying is
> that I've seen setups that even under windows require people to allow
> non-authenticated DNS updates, and I'm confident that we can give people
> _that_ level of DNS already.

> But I also believe that if people want to run a
> different set-up, we should allow them too. 

If you can find the in-directory configuration directive that controls
this, then I'm quite happy for that to control this behaviour. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list