[Samba] Change DNS method?

Kai Blin kai at samba.org
Tue Oct 16 01:57:37 MDT 2012

On 2012-10-16 05:40, Andrew Bartlett wrote:


> I'm having trouble parsing that, but yes, additional patches are
> required to have the internal DNS server accept static keys.  We would
> need a key storage mechanism, and then code to implement that TSIG
> method.

I've had patches to do this, but ditched them in favour of conflicting
patches to implement GSS-TSIG.

> I think it would be a very valuable improvement. 

The algorithm is pretty straightforward, but I couldn't get the
signature right the last time I tried. However, the logic on what parts
of the packet to use for the signature is a bit tricky, but I'm sure
I've now got that right for GSS-TSIG. Using a static key with md5
instead of gensec_sign should be straightforward, the interesting
question is how and where we store the keys.


Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
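
The static-key signing discussed above, as an added example that is not part of the original message and is not Samba's code: it follows the RFC 2845 rule for which bytes the MAC covers (the message without its TSIG RR, then the TSIG variables). The function names, key name, secret and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

HMAC_MD5 = "hmac-md5.sig-alg.reg.int"  # RFC 2845 algorithm name for HMAC-MD5


def wire_name(name):
    """Canonical DNS wire form: lowercase, uncompressed, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """The TSIG RR fields covered by the MAC, in signing order."""
    return (wire_name(key_name)
            + struct.pack("!HI", 255, 0)  # CLASS ANY, TTL 0
            + wire_name(HMAC_MD5)
            # Time Signed is 48 bits (16 high + 32 low), then 16-bit Fudge
            + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
            + struct.pack("!HH", error, len(other)) + other)


def tsig_mac(message, key_name, secret, time_signed, fudge=300, request_mac=None):
    """message: DNS message with the TSIG RR stripped and ARCOUNT decremented."""
    data = b""
    if request_mac is not None:  # a response also covers the request's MAC
        data += struct.pack("!H", len(request_mac)) + request_mac
    data += message + tsig_variables(key_name, time_signed, fudge)
    return hmac.new(secret, data, hashlib.md5).digest()


def tsig_verify(message, key_name, secret, time_signed, fudge, mac, now):
    """Reject signatures outside the fudge window, then compare in constant time."""
    if abs(now - time_signed) > fudge:
        return False
    expected = tsig_mac(message, key_name, secret, time_signed, fudge)
    return hmac.compare_digest(expected, mac)


# Constructed sample: header and zone section of a dynamic update (opcode 5).
SAMPLE_UPDATE = (struct.pack("!6H", 0x1234, 0x2800, 1, 0, 0, 0)
                 + wire_name("example.com") + struct.pack("!HH", 6, 1))
SAMPLE_SECRET = b"constructed-test-secret"
SAMPLE_TIME = 1350374257  # constructed timestamp

if __name__ == "__main__":
    print(tsig_mac(SAMPLE_UPDATE, "update-key", SAMPLE_SECRET, SAMPLE_TIME).hex())
```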
