secure dynamic dns updates to AD - possible?

[Liz S. Reynolds]

Please pardon my jumping in,

The most current information I could find on this issue is something along
the lines of "it's not there but no reason it shouldn't be, all the
necessary pieces are available".

Is this in fact true, or is there some as-yet unsolved stumbling block?

Is anyone here working on an implementation or know of someone who is?

I found nsupdate-gss.pl, but it is not working on my platform (sparc
solaris 8), possibly due to a bug in the Net-DNS patch. This seems to be
out of development. It also requires the GSSAPI perl module, the latest
version of which won't build with anything near a current kerberos.

I'm interested enough in getting this working to write my own nsupdate
program (in C, my language of choice) and have in fact been hacking at it
for a little while now. I'd be willing to contribute the source back, if it
is wanted, and ever works :-P

My most recent stumbling block is completing establishing the security
context, I'm getting G_WRONG_TOKID verifying the token header obtained from
the TKEY reply received from the AD server.

Any advice would be appreciated.

Thanks muchly,

-Liz