Bug 346801
Summary: | Port dhcp to use NSS library for cryptography | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Peter Vrabec <pvrabec> | ||||||
Component: | dhcp | Assignee: | Jiri Popelka <jpopelka> | ||||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | rawhide | CC: | tmraz | ||||||
Target Milestone: | --- | Keywords: | FutureFeature, Reopened | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Enhancement | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-08-17 14:41:10 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 333741 | ||||||||
Attachments: |
|
Description
Peter Vrabec
2007-10-23 10:17:33 UTC
dhcp (both dhcpd and dhclient and dhcrelay) does not have any built-in authentication code. dhcpd links with with libldap for sites wanting to store DHCP server configuration data in an LDAP directory, so any authentication that happens around DHCP is for connecting to the LDAP server and that's all handled by OpenLDAP. It contains built in MD5 and HMAC-MD5 algorithms. If they are used in security relevant context they should be replaced with calls to NSS. Oh right, my bad. For the dnssec stuff. Created attachment 361986 [details]
dhcp-4.0.0-nss.patch
Created attachment 361988 [details]
dhcp-4.1.0-nss.patch
I've attached two patches I started to convert dhcp to the NSS libraries. Both patches are incomplete, but might be a starting place. ISC DHCP hasn't used the code mentioned in comment #2 since version 4.2.0, see bug #849166. Closing therefore. |