[Opendnssec-develop] FYI: Enforcer storage in LDAP at RedHat
Jerry Lundström
jerry at opendnssec.org
Thu Jun 26 06:19:41 UTC 2014
Hi Rick,
Currently home sick so I will be short.
Petr sent a mail to the user list in early March and it did not go
unnoticed. We are working on a new database layer [1][2], it supports
basically any backend and we are converting existing code from C++ to C and
making it non-transactional.
[1] https://github.com/opendnssec/opendnssec/pull/76
[2] https://github.com/jelu/opendnssec/tree/dbx/enforcer-ng/src/db
--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/
On 25 jun 2014, at 14:53, Rick van Rein <rick at openfortress.nl> wrote:
Hi,
A while back we’ve discussed alternate databases, and I proposed LDAP as an
option. It was deemed too far off the current design of the Enforcer, even
if it is technically practical for many admins.
When discussing some OpenDNSSEC-related things with Petr Spacek, he showed
me RedHat's project that is doing exactly this; they are storing the
information from the Enforcer in their FreeIPA infrastructure. Their short
and long term plans are here:
* https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm
* https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm
They also intend to store wrapped private keys in LDAP; I am talking them
through alternatives which retain PKCS #11 protection yet support their
wishes.
Cheers,
-Rick