secure dynamic dns updates to AD - possible?

Gerald (Jerry) Carter jerry at samba.org
Mon Aug 16 16:10:17 GMT 2004


Liz S. Reynolds wrote:
| Please pardon my jumping in,
|
| The most current information I could find on this
| issue is something along the lines of "it's not there but
| no reason it shouldn't be, all the necessary pieces
| are available".
|
| Is this in fact true, or is there some as-yet unsolved
| stumbling block?
|
| Is anyone here working on an implementation or know of
| someone who is?
|
| I found nsupdate-gss.pl, but it is not working on
| my platform (SPARC Solaris 8), possibly due to a bug
| in the Net-DNS patch. This seems to be out of development. It
| also requires the GSSAPI Perl module, the latest
| version of which won't build with anything near a
| current Kerberos.
|
| I'm interested enough in getting this working to write
| my own nsupdate program (in C, my language of choice) and
| have in fact been hacking at it
| for a little while now. I'd be willing to contribute the
| source back, if it is wanted, and ever works :-P
|
| My most recent stumbling block is completing
| establishing the security context; I'm getting G_WRONG_TOKID
| verifying the token header obtained from
| the TKEY reply received from the AD server.

Liz,

The tsig-gss directory was some code Tridge put up but
it hasn't been touched in a while.  Probably just needs cleanup.
I'll be glad to look at any patches you come up with.
Good luck.


cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)