On 2012-10-16 05:40, Andrew Bartlett wrote: Hi,
> I'm having trouble parsing that, but yes, additional patches are > required to have the internal DNS server accept static keys. We would > need a key storage mechanism, and then code to implement that TSIG > method. I've had patches to do this, but ditched them in favour for conflicting patches to implement GSS-TSIG. > I think it would be a very valuable improvement. The algorithm is pretty straightforward, but I couldn't get the signature right the last time I tried. However, the logic on what parts of the packet to use for the signature is a bit tricky, but I'm sure I've now got that right for GSS-TSIG. Using a static key with md5 instead of gensec_sign should be straightforward, the interesting question is how and where we store the keys. Cheers, Kai -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
