[Samba] Change DNS method?
Kai Blin
kai at samba.org
Tue Oct 16 01:57:37 MDT 2012
On 2012-10-16 05:40, Andrew Bartlett wrote:
Hi,
> I'm having trouble parsing that, but yes, additional patches are
> required to have the internal DNS server accept static keys. We would
> need a key storage mechanism, and then code to implement that TSIG
> method.
I've had patches to do this, but ditched them in favour for conflicting
patches to implement GSS-TSIG.
> I think it would be a very valuable improvement.
The algorithm is pretty straightforward, but I couldn't get the
signature right the last time I tried. However, the logic on what parts
of the packet to use for the signature is a bit tricky, but I'm sure
I've now got that right for GSS-TSIG. Using a static key with md5
instead of gensec_sign should be straightforward, the interesting
question is how and where we store the keys.
Cheers,
Kai
--
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
More information about the samba
mailing list