Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for GSSAPI/Kerberos signed updates #30

Merged
merged 5 commits into from
Feb 19, 2021
Merged

Support for GSSAPI/Kerberos signed updates #30

merged 5 commits into from
Feb 19, 2021

Commits on Feb 19, 2021

  1. Update acceptance tests 

    Switch to using our own Dockerfile. This creates three container images:

* Kerberos KDC. This creates a new realm and two keytab files; one for
  BIND to use and another for a test user.
* BIND DNS server. This has Kerberos configured but can be operated
  without.
* User keytab. This exists purely to extract the keytab file out of the
  KDC container.

The containers need to be created in sync with each other as the keytab
files need to match up.

The acceptance tests now build the containers from scratch each time,
although the layers should be cached so repeat builds will be fast.

The tests then run as before using the BIND container with a different
/etc/named.conf volume mounted into place with either no TSIG
configured, an HMAC-SHA256 TSIG key, or using Kerberos/GSS-TSIG. In the
last case the KDC container is also created.

For now, no Kerberos-enabled tests are actually run.

The Travis build environment needed to be bumped from Trusty to Focal to
get a new enough version of Docker to be able to use the buildx plugin,
which is also installed.
    @bodgit
    bodgit committed Feb 19, 2021
    Configuration menu
    Copy the full SHA
    4d35c17 View commit details
    Browse the repository at this point in the history

  2. Add dependencies for GSS-TSIG 

    This commit is the result of running the following:

* go get github.com/bodgit/tsig
* go mod tidy
* go mod vendor
    @bodgit
    bodgit committed Feb 19, 2021
    Configuration menu
    Copy the full SHA
    400b94f View commit details
    Browse the repository at this point in the history

  3. Support for GSSAPI/Kerberos signed updates

    @bodgit
    bodgit committed Feb 19, 2021
    Configuration menu
    Copy the full SHA
    0fa5509 View commit details
    Browse the repository at this point in the history

  4. Add Kerberos acceptance tests 

    Runs three versions; password authentication, keytab authentication, and
using an existing ticket/session.
    @bodgit
    bodgit committed Feb 19, 2021
    Configuration menu
    Copy the full SHA
    a6225f2 View commit details
    Browse the repository at this point in the history

  5. Add MD5 acceptance test

    @bodgit
    bodgit committed Feb 19, 2021
    Configuration menu
    Copy the full SHA
    68a9824 View commit details
    Browse the repository at this point in the history