GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is used to authenticate DDNS updates. It is a modified form of TSIG authentication that uses the Kerberos v5 authentication system.
You can configure the appliance to accept GSS-TSIG signed DDNS updates from a single client or from multiple clients that belong to different AD domains, where each domain has a unique GSS-TSIG key. You can also configure the appliance to support one or multiple GSS-TSIG keys for each of the Grid members.
The Kerberos key object represents the GSS-TSIG key used to authenticate clients for GSS-TSIG signed DDNS updates.
References to kerberoskey are object references.
The name part of the Kerberos key object reference has the following components:
- The principal of the Kerberos key object
- The KVNO of the Kerberos key object
- The encryption type of the Kerberos key object
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): domain, enctype, in_use, principal, version.
The Kerberos domain name.
Type
String.
Search
The field is available for search via
Notes
The domain is part of the base object.
The domain cannot be updated.
domain cannot be written.
The Kerberos key encryption type.
Type
String.
Search
The field is available for search via
Notes
The enctype is part of the base object.
The enctype cannot be updated.
enctype cannot be written.
Determines whether the Kerberos key is assigned to the Grid or Grid member.
Type
Bool.
Search
The field is available for search via
Notes
The in_use is part of the base object.
The in_use cannot be updated.
in_use cannot be written.
The list of hostnames and services of the Grid members to which the key is assigned, or Grid/DHCP4, Grid/DHCP6, or Grid/DNS.
Type
String array.
Search
The field is not available for search.
Notes
The members cannot be updated.
members cannot be written.
The principal of the Kerberos key object.
Type
String.
Search
The field is available for search via
Notes
The principal is part of the base object.
The principal cannot be updated.
principal cannot be written.
The timestamp of the Kerberos key upload operation.
Type
Timestamp.
Search
The field is not available for search.
Notes
The upload_timestamp cannot be updated.
upload_timestamp cannot be written.
The Kerberos key version number (KVNO).
Type
Unsigned integer.
Search
The field is available for search via
Notes
The version is part of the base object.
The version cannot be updated.
version cannot be written.
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
domain | String | N | Y | Y | : = ~ |
enctype | String | N | Y | Y | = |
in_use | Bool | N | Y | Y | = |
members | [String] | N | Y | N | N/A |
principal | String | N | Y | Y | : = ~ |
upload_timestamp | Timestamp | N | Y | N | N/A |
version | Unsigned int | N | Y | Y | ! < = > |
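
The following is an added example, not part of the Infoblox documentation: it builds a kerberoskey search query limited to the search modifiers listed in the table above, then audits the returned objects for deprecated encryption types, superseded KVNOs that are still assigned, and keys that are uploaded but unassigned. Assumptions: a search modifier is written directly before the `=` in the query string, enctype values follow Kerberos naming, and the helper names, principals and sample records are constructed for illustration.

```python
from urllib.parse import quote

# Search modifiers each field accepts, copied from the field table on this page
# ("" is plain "=" equality). members and upload_timestamp are not searchable.
SEARCH = {"domain": {"", ":", "~"}, "enctype": {""}, "in_use": {""},
          "principal": {"", ":", "~"}, "version": {"", "!", "<", ">"}}
FIELDS = set(SEARCH) | {"members", "upload_timestamp"}
# Assumption: enctype strings follow Kerberos naming; DES, 3DES and RC4 types
# are deprecated (RFC 6649, RFC 8429), so they are matched by substring.
WEAK = ("des", "rc4", "arcfour")

def build_query(filters, return_fields):
    """Build the kerberoskey query string; filters is [(field, modifier, value)]."""
    parts = []
    for field, mod, value in filters:
        if mod not in SEARCH.get(field, ()):
            raise ValueError(f"{field} is not searchable with '{mod}='")
        parts.append(f"{field}{mod}={quote(str(value), safe='')}")
    unknown = set(return_fields) - FIELDS
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    parts.append("_return_fields=" + ",".join(return_fields))
    return "kerberoskey?" + "&".join(parts)

def audit(records):
    """Return (principal, version, reason) findings for a list of key objects."""
    newest = {}
    for r in records:
        newest[r["principal"]] = max(newest.get(r["principal"], 0), r["version"])
    findings = []
    for r in records:
        key = (r["principal"], r["version"])
        if any(w in r["enctype"].lower() for w in WEAK):
            findings.append(key + ("deprecated enctype " + r["enctype"],))
        if r["version"] < newest[r["principal"]] and r["in_use"]:
            findings.append(key + ("older KVNO still assigned",))
        if not r["in_use"]:
            findings.append(key + ("uploaded but not assigned",))
    return findings

# Constructed sample response (not appliance output); helper names are illustrative.
SAMPLE = [
    {"principal": "DNS/ns1.corp.example@CORP.EXAMPLE", "domain": "CORP.EXAMPLE",
     "enctype": "aes256-cts-hmac-sha1-96", "in_use": True, "version": 3},
    {"principal": "DNS/ns1.corp.example@CORP.EXAMPLE", "domain": "CORP.EXAMPLE",
     "enctype": "arcfour-hmac", "in_use": True, "version": 2},
    {"principal": "DNS/ns2.lab.example@LAB.EXAMPLE", "domain": "LAB.EXAMPLE",
     "enctype": "des-cbc-crc", "in_use": False, "version": 1},
]
```

The string returned by `build_query` is meant to be appended to the appliance's WAPI base URL; `members` and `upload_timestamp` are not in the basic object, so they have to be named in `_return_fields` to be returned.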