From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Fri, 1 Nov 2002 12:32:46 +0200 From: Alexander Bokovoy To: community@altlinux.ru Subject: Re: [Comm] Re[2]: [Comm] =?koi8-r?Q?DHCP_?= =?koi8-r?Q?=C9?= DDNS Message-ID: <20021101103246.GA30210@sam-solutions.net> References: <20021031161405.0c6952d4.aml@softex.ru> <20021101095049.57230f03.y_skv@mail.ru> <154356193.20021101111127@udm.ru> <20021101141449.14dd6fe2.aml@softex.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20021101141449.14dd6fe2.aml@softex.ru> Sender: community-admin@altlinux.ru Errors-To: community-admin@altlinux.ru X-BeenThere: community@altlinux.ru X-Mailman-Version: 2.0.9 Precedence: bulk Reply-To: community@altlinux.ru List-Unsubscribe: , List-Id: List-Post: List-Help: List-Subscribe: , List-Archive: Archived-At: List-Archive: List-Post: On Fri, Nov 01, 2002 at 02:14:49PM +0400, Andrei M. Laptev wrote: > On Fri, 1 Nov 2002 11:11:27 +0400 > ASA wrote: > > > Hello YuriY, > > > > Friday, November 1, 2002, 10:50:49 AM, you wrote: > > > > > С другой стороны, логично: если ты знаешь какой IP на каком > > компе будет, что мешает тебе довести дело до конца и написать > > запись в DNS как в старые добрые времена? > > > Да в общем то я все это затеял вот из за чего: хочется мне чтобы в случае когда > юзер меняет имя компьютера в винде, то эти изменения автоматически отображались > в днс-е. Максимум конечно хотелось бы чтоб виндовый dhcp-клиент воспринимал > например option host-name, да и большинство других параметров, которые можно > раздавать по dhcp, но это уже не проблема самого dhcpd. > > Если кто-то считает что смена имени происходит редко, то это не про нас :) Для этого необходима реализация расширения TSIG-GSS для динамического DNS. Вот два письма от Andrew Tridgell на эту тему: ---------------------------------------------------------------------------- Those of you with win2000 based DNS servers might be interested to know that I have just successfully sent a TSIG-GSS dynamic DNS update to a win2000 server from a Linux box, using a kerberos ticket from MIT kerberos. This is an important piece of the netbiosless support that is being added to Samba. Thus far I have only sent successful updates using des-cbc-crc tickets. I would prefer to be able to use hmac-md5 tickets as that is what win2000 uses, but I haven't been able to get that to work yet. I'm guessing there may be a bug in the MIT hmac-md5 implementation, or at least a difference between the MIT and Microsoft implementations. The MIT library can certainly generate and use hmac-md5 tickets for other things (we use them in Samba ADS support all the time) so I suspect the problem is in using them for signing (like in calls to gss_get_mic()). My current test implementation is a mish-mash of perl and C, using the Net::DNS perl module for DNS packet construction and C to interface to the MIT kerberos GSSAPI library. I'm still thinking about how I will put this into a more palatable form, the choices seem to be to either cleanup my perl code a bit or try to modify the bind-9 nsupdate utility to handle the necessary TKEY requests. I originally started on this project with the aim of updating the bind-9 code but I've found it fairly hard to work out how to extend it, which is why I switched to the Net::DNS module. If anyone out there knows the bind-9 code really well and wants to help me produce a patch to that then please let me know. Cheers, Tridge ---------------------------------------------------------------------------- и второе, с ссылкой на код: ---------------------------------------------------------------------------- I've released an initial version of the tsig-gss dynamic DNS update utility at http://www.samba.org/ftp/samba/tsig-gss/ Cheers, Tridge ---------------------------------------------------------------------------- -- / Alexander Bokovoy --- After living in New York, you trust nobody, but you believe everything. Just in case.