1. 10 Nov, 2014 3 commits
    • Dimitris Aragiorgis's avatar
      Use AUTHENTICATION_METHOD setting · c608941f
      Dimitris Aragiorgis authored
      The valid authentication methods are:
      
       - plain (nsupdate)
       - bind9 (nsupdate -k)
       - kerberos (nsupdate -g)
      
      The plain method assumes that the server allows updates without
      authentication (e.g. allow-update { 192.0.2.1;};). The bind9 method
      uses the -k option and requires a keyfile. The kerberos method uses
      the -g option and requires a principal and a keytab. For backwards
      compatibility if AUTHENTICATION_METHOD setting is missing in
      defaults file we use bind9.
      Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
      c608941f
    • Dimitris Aragiorgis's avatar
      Some minor refactor in snf-network-dnshook · 84a92e7b
      Dimitris Aragiorgis authored
      Let it run only after certain opcodes (instance-add, instance-modify,
      instance-remove, instance-rename).
      Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
      84a92e7b
    • Dimitris Aragiorgis's avatar
      Add kerberos authentication support for nsupdate · 0a49af87
      Dimitris Aragiorgis authored
      Up until now snf-network used nsupdate with a keyfile to
      dynamically update DNS entries on an external nameserver
      (bind9). This patch adds support for authenticating against an
      AD controller using Kerberos.
      
      Specifically we use "k5start -H" to ensure there is a happy ticket,
      otherwise use a keytab containing the password to obtain a ticket
      automatically. Finally, we use nsupdate in GSS-TSIG mode (with -g option
      and with KRB5CCNAME environment variable pointing to the ticket
      obtained previously by k5start) to update AD-integrated DNS server.
      
      The keytab file can be added with:
      
       # ktutil -v add -V 1 -e aes256-cts -p PRINCIPAL
      Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
      0a49af87
  2. 27 Mar, 2014 2 commits
  3. 10 Mar, 2014 4 commits
  4. 05 Mar, 2014 6 commits
  5. 13 Jan, 2014 1 commit
  6. 07 Dec, 2013 3 commits