[Samba] Change DNS method?
mat at samba.org
Tue Oct 16 11:56:18 MDT 2012
On 10/16/2012 12:57 AM, Kai Blin wrote:
> On 2012-10-16 05:40, Andrew Bartlett wrote:
>> I'm having trouble parsing that, but yes, additional patches are
>> required to have the internal DNS server accept static keys. We would
>> need a key storage mechanism, and then code to implement that TSIG
> I've had patches to do this, but ditched them in favour of conflicting
> patches to implement GSS-TSIG.
>> I think it would be a very valuable improvement.
> The algorithm is pretty straightforward, but I couldn't get the
> signature right the last time I tried. However, the logic on what parts
> of the packet to use for the signature is a bit tricky, but I'm sure
> I've now got that right for GSS-TSIG. Using a static key with md5
> instead of gensec_sign should be straightforward, the interesting
> question is how and where we store the keys.
Well, you could have a dedicated account for it, and the secret just has
to be md4(real_secret) in dhcpd; in this case you can use the
unicodePwd. The other option is to use the supplementary credentials to
store the password in clear text (less straightforward).
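
An illustration of the static-key TSIG signing discussed in this message, added here as an example; it is not Samba code and was not posted in the thread. It follows the request-MAC layout of RFC 2845 with HMAC-MD5, and the key, key name and sample UPDATE message are constructed.

```python
import hashlib
import hmac
import struct

HMAC_MD5_ALG = "hmac-md5.sig-alg.reg.int"  # HMAC-MD5 algorithm name in RFC 2845

def wire_name(name):
    """Lowercase, uncompressed wire encoding of a domain name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """The TSIG RR fields covered by the MAC; the MAC field itself is not."""
    return (wire_name(key_name)
            + struct.pack("!HI", 255, 0)                 # CLASS ANY, TTL 0
            + wire_name(HMAC_MD5_ALG)
            + struct.pack("!HIH", time_signed >> 32,      # 48-bit time signed
                          time_signed & 0xFFFFFFFF, fudge)
            + struct.pack("!HH", error, len(other)) + other)

def tsig_mac(key, message, key_name, time_signed, fudge=300):
    """MAC for a request. `message` is the DNS message as it was before the
    TSIG RR was appended (ARCOUNT not counting it, original message ID)."""
    data = message + tsig_variables(key_name, time_signed, fudge)
    return hmac.new(key, data, hashlib.md5).digest()

def tsig_verify(key, message, key_name, time_signed, fudge, mac, now):
    """Reject requests outside the fudge window, then compare in constant time."""
    if abs(now - time_signed) > fudge:
        return False
    expected = tsig_mac(key, message, key_name, time_signed, fudge)
    return hmac.compare_digest(expected, mac)

# Constructed sample data: a 16-byte key standing in for md4(real_secret), a
# hypothetical key name, and a minimal UPDATE header plus zone section.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_NAME = "dhcp-update.example.com"
MESSAGE = (struct.pack("!HHHHHH", 0x1234, 0x2800, 1, 0, 0, 0)
           + wire_name("example.com") + struct.pack("!HH", 6, 1))
SIGNED_AT = 1350410178

if __name__ == "__main__":
    mac = tsig_mac(KEY, MESSAGE, KEY_NAME, SIGNED_AT)
    print(mac.hex(), tsig_verify(KEY, MESSAGE, KEY_NAME, SIGNED_AT, 300, mac, SIGNED_AT + 5))
```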