kerberoskey : Kerberos key object.
GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is used to authenticate DDNS updates. It is a modified form of TSIG authentication that uses the Kerberos v5 authentication system.
You can configure the appliance to accept GSS-TSIG signed DDNS updates from a single client or from multiple clients that belong to different AD domains, where each domain has a unique GSS-TSIG key. You can also configure the appliance to support one or multiple GSS-TSIG keys for each Grid member.
The Kerberos key object represents the GSS-TSIG key used to authenticate clients for GSS-TSIG signed DDNS updates.
Object Reference
References to kerberoskey are object references.
The name part of the Kerberos key object reference has the following components:
The principal of the Kerberos key object
The KVNO of the Kerberos key object
The encryption type of the Kerberos key object
- Example:
kerberoskey/ZG5zLm9wdGlvbl9kZWZpbml0aW9uJGluZm8uLmZhbHNlLjI1Mg:PRINCIPAL1/1/DES-CBC-CRC
Restrictions
The object does not support the following operations:
Create (insert)
Modify (update)
Scheduling
CSV export
The object cannot be managed on Cloud Platform members.
Fields
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): domain, enctype, in_use, principal, version.
domain
The Kerberos domain name.
Type
String.
Search
The field is available for search via
‘~=’ (regular expression)
‘=’ (exact equality)
‘:=’ (case insensitive search)
Notes
The domain is part of the base object.
The domain cannot be updated.
domain cannot be written.
enctype
The Kerberos key encryption type.
Type
String.
- Valid values are:
AES128-CTS-HMAC-SHA1-96
AES256-CTS-HMAC-SHA1-96
ARCFOUR-HMAC-MD5
DES-CBC-CRC
DES-CBC-MD5
Search
The field is available for search via
‘=’ (exact equality)
Notes
The enctype is part of the base object.
The enctype cannot be updated.
enctype cannot be written.
in_use
Determines whether the Kerberos key is assigned to the Grid or Grid member.
Type
Bool.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The in_use is part of the base object.
The in_use cannot be updated.
in_use cannot be written.
members
The list of hostnames and services of the Grid members to which the key is assigned, or Grid/DHCP4, Grid/DHCP6 or Grid/DNS.
Type
String array.
Search
The field is not available for search.
Notes
The members cannot be updated.
members cannot be written.
principal
The principal of the Kerberos key object.
Type
String.
Search
The field is available for search via
‘~=’ (regular expression)
‘=’ (exact equality)
‘:=’ (case insensitive search)
Notes
The principal is part of the base object.
The principal cannot be updated.
principal cannot be written.
upload_timestamp
The timestamp of the Kerberos key upload operation.
Type
Timestamp.
Search
The field is not available for search.
Notes
The upload_timestamp cannot be updated.
upload_timestamp cannot be written.
version
The Kerberos key version number (KVNO).
Type
Unsigned integer.
Search
The field is available for search via
‘!=’ (negative search)
‘<=’ (less than search)
‘=’ (exact equality)
‘>=’ (greater than search)
Notes
The version is part of the base object.
The version cannot be updated.
version cannot be written.
Fields List
Field | Type | Req | R/O | Base | Search
---|---|---|---|---|---
domain | String | N | Y | Y | : = ~
enctype | String | N | Y | Y | =
in_use | Bool | N | Y | Y | =
members | [String] | N | Y | N | N/A
principal | String | N | Y | Y | : = ~
upload_timestamp | Timestamp | N | Y | N | N/A
version | Unsigned int | N | Y | Y | ! < = >
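The following is an added example, not part of the original documentation: it builds a kerberoskey search string using only the operators the Fields List allows, splits the name part of an object reference, and reports keys that are in use with a weak encryption type. The function names, the sample response and the classification of the DES and ARCFOUR types as weak (per RFC 6649 and RFC 8429) are assumptions made here, not statements from this page.

```python
from urllib.parse import quote

# Search operators allowed per field, copied from the Fields List on this page.
# members and upload_timestamp are absent because they are not searchable.
SEARCH_OPS = {
    "domain": {"=", ":=", "~="}, "principal": {"=", ":=", "~="},
    "enctype": {"="}, "in_use": {"="},
    "version": {"=", "!=", "<=", ">="},
}
ALL_FIELDS = ["domain", "enctype", "in_use", "members", "principal",
              "upload_timestamp", "version"]
# Assumption (not from this page): single-DES and RC4 enctypes count as weak,
# following their deprecation in RFC 6649 and RFC 8429.
WEAK_ENCTYPES = {"DES-CBC-CRC", "DES-CBC-MD5", "ARCFOUR-HMAC-MD5"}


def build_query(filters=()):
    """Return the 'kerberoskey?...' part of a GET request for the filters."""
    parts = []
    for field, op, value in filters:
        if op not in SEARCH_OPS.get(field, ()):
            raise ValueError(f"{field} does not support search via {op!r}")
        parts.append(f"{field}{op}{quote(str(value), safe='')}")
    # Request the non-base fields too, so members is present in the result.
    parts.append("_return_fields=" + ",".join(ALL_FIELDS))
    return "kerberoskey?" + "&".join(parts)


def parse_ref_name(ref):
    """Split the name part of a reference into principal, KVNO and enctype."""
    name = ref.split(":", 1)[1]
    # Split from the right: a principal such as DNS/host contains "/" itself.
    principal, kvno, enctype = name.rsplit("/", 2)
    return principal, int(kvno), enctype


def weak_keys(keys):
    """Return (principal, KVNO, enctype, members) for weak keys still in use."""
    return [(k["principal"], k["version"], k["enctype"], k.get("members", []))
            for k in keys if k["in_use"] and k["enctype"] in WEAK_ENCTYPES]


# Constructed sample of a decoded response (not real appliance output).
SAMPLE = [
    {"_ref": "kerberoskey/ZXhhbXBsZTE:DNS/ns1.corp.example/3/AES256-CTS-HMAC-SHA1-96",
     "principal": "DNS/ns1.corp.example", "version": 3, "in_use": True,
     "enctype": "AES256-CTS-HMAC-SHA1-96", "members": ["Grid/DNS"]},
    {"principal": "DNS/ns2.corp.example", "version": 1, "in_use": True,
     "enctype": "DES-CBC-CRC", "members": ["Grid/DHCP4"]},
    {"principal": "DNS/old.corp.example", "version": 2, "in_use": False,
     "enctype": "ARCFOUR-HMAC-MD5", "members": []},
]
```

Keys reported by `weak_keys` are candidates for replacement with an AES keytab; a weak key that is not in use is left out of the report because it is not assigned to the Grid or a Grid member.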