-
Dimitris Aragiorgis authored
Up until now snf-network used nsupdate with a keyfile to dynamically update DNS entries on an external nameserver (bind9). This patch adds support for authenticating against an AD controller using Kerberos. Specifically we use "k5start -H" to ensure there is a happy ticket, otherwise use a keytab containing the password to obtain a ticket automatically. Finally, we use nsupdate in GSS-TSIG mode (with -g option and with KRB5CCNAME environment variable pointing to the ticket obtained previously by k5start) to update AD-integrated DNS server. The keytab file can be added with: # ktutil -v add -V 1 -e aes256-cts -p PRINCIPAL Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
0a49af87