Can we please get the GSS-TSIG error fixed and testcase written for 4.0.5?

Michael Adam obnox at
Tue Apr 2 14:59:06 MDT 2013

Hi Andrew,

I am sorry for the delay! I was on vacation last week and
managed to mostly stay awas from the computer...

On 2013-03-25 at 17:21 +1100, Andrew Bartlett wrote:
> I'm wondering if I can call on your private offer to be a co-maintainer
> of the internal DNS server,


As I said earlier privately (if I recall it correctly), I do have
a strong interest in the success of our internal dns server, and
if we need a second maintainer and noone else can or wants to do
it, I would do it, but I am not an expert for DNS (yet? ;-), and
given my current workload, I can't promise reaction times and how
much time I will be able to spend, but I will try.

So much for now.
I'll try to look into the issue below in the next couple of days.

Cheers - Michael

> and see if you can help sort out the
> GSS-TSIG issue Günter Kukkukk isolated earlier this year, that which
> causes GSS-TSIG errors with nsupdate due to us misunderstanding the TSIG
> protocol?
> There is already a patch (which may or may not be a small layering
> violation), but there isn't a way to testing this currently, to ensure
> we don't fall back into 'fantasy crypto' like we currently do. 
> We have the pieces - the addns lib can do the check, as I understand it,
> and while we don't want to use that library long-term for testing, we
> really just need to do something - anything, even at a black box level
> around our 'net dns' command - to walk this code and check it's right. 
> Is there any chance you could take this on?  It would be really good to
> get this sorted for 4.0.5. 
> Also, in the longer term, how do we want to maintain our DNS solutions?
> We have two under-maintained solutions, with both maintainers having
> other very important calls on their time.  (We also have the remote
> CNAME lookup issue pending).
> Thanks,
> Andrew Bartlett
> -- 
> Andrew Bartlett                      
> Authentication Developer, Samba Team 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list