• Dimitris Aragiorgis's avatar
    Add kerberos authentication support for nsupdate · 0a49af87
    Dimitris Aragiorgis authored
    Up until now snf-network used nsupdate with a keyfile to
    dynamically update DNS entries on an external nameserver
    (bind9). This patch adds support for authenticating against an
    AD controller using Kerberos.
    
    Specifically we use "k5start -H" to ensure there is a happy ticket,
    otherwise use a keytab containing the password to obtain a ticket
    automatically. Finally, we use nsupdate in GSS-TSIG mode (with -g option
    and with KRB5CCNAME environment variable pointing to the ticket
    obtained previously by k5start) to update AD-integrated DNS server.
    
    The keytab file can be added with:
    
     # ktutil -v add -V 1 -e aes256-cts -p PRINCIPAL
    Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
    0a49af87
Name
Last commit
Last update
docs Loading commit data...
examples Loading commit data...
.gitignore Loading commit data...
README.md Loading commit data...
common.sh Loading commit data...
devflow.conf Loading commit data...
ifup-extra Loading commit data...
kvm-ifdown-custom Loading commit data...
kvm-ifup-custom Loading commit data...
mac2eui64 Loading commit data...
pylintrc Loading commit data...
runlocked Loading commit data...
snf-network-dnshook Loading commit data...
snf-network-hook Loading commit data...
snf-network-log Loading commit data...
snf-network.ferm Loading commit data...
version Loading commit data...
vif-custom Loading commit data...