secure dynamic dns updates to AD - possible?

Gerald (Jerry) Carter jerry at
Mon Aug 16 16:10:17 GMT 2004

Hash: SHA1

Liz S. Reynolds wrote:
| Please pardon my jumping in,
| The most current information I could find on this
| issue is something along the lines of "it's not there but
| no reason it shouldn't be, all the necessary pieces
| are available".
| Is this in fact true, or is there some as-yet unsolved
| stumbling block?
| Is anyone here working on an implementation or know of
| someone who is?
| I found, but it is not working on
| my platform (sparc solaris 8), possibly due to a bug
| in the Net-DNS patch. This seems to be out of development. It
| also requires the GSSAPI perl module, the latest
| version of which won't build with anything near a
| current kerberos.
| I'm interested enough in getting this working to write
| my own nsupdate program (in C, my language of choice) and
| have in fact been hacking at it
| for a little while now. I'd be willing to contribute the
| source back, if it is wanted, and ever works :-P
| My most recent stumbling block is completing
| establishing the security context, I'm getting G_WRONG_TOKID
| verifying the token header obtained from
| the TKEY reply received from the AD server.


The tsig-gss directory was some code Tridge put up but
it hasn't been touched in a while.  Probably just needs cleanup.
I'll be glad to look at any patches you come up with.
Good luck.

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      -------
GnuPG Key                -----
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list