Implement GSS-TSIG to send DDNS updates to Active Directory
name: Implement GSS-TSIG to send DDNS updates to Active Directory about: DDNS updates
Some initial questions
- Are you sure your feature is not already implemented in the latest Kea version? Yes.
- Are you sure what you would like to do is not possible using some other mechanisms? No.
- Have you discussed your idea on kea-users or kea-dev mailing lists? No.
Is your feature request related to a problem? Please describe. Some users of an OEM product implementing Kea would like to send DDNS updates to Active Directory, securing those updates with GSS-TSIG.
Describe the solution you'd like The requestor would like to see Kea add support for GSS-TSIG authentication on the DDNS connections, as well as probably testing and validation of updating to AD.
Describe alternatives you've considered I don't know enough about AD to know if other authentication mechanisms are available, but that would seem to be the most obvious alternative.
Additional context The Kea core team discussed this feature request in a development meeting at the end of August, 2020 and concluded this is a big effort, both for initial development and for maintenance. One issue is the quality of available GSS-TSIG libraries to use. So, we are at the moment NOT PLANNING to implement this. I am opening this ticket so that others may chime in about their requirements, or workarounds, or possibly, someone may volunteer to contribute this.
(related ISC support issue #17008)