From: Drew Tomlinson
Date: Wed, 10 Dec 2008 08:02:00 -0800
To: Pieter Donche
Cc: "mail.list freebsd-questions"
Subject: Re: omshell how to use
Message-ID: <493FE7F8.9010908@mykitchentable.net>
References: <20081209185837.GA71505@marvin.optimis.net>

I am not an expert nor have I even used this software in question. However...

Pieter Donche wrote:
> To use omshell for changing dhcpd.conf, one needs to use a TSIG key.
>
> Did the following:
> # dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key

This appears to be an MD5 encrypted key.

> responded with:
> Komapi_key.+157+18443
>
> and created the files:
> -rw------- 1 root admin 118 Dec 10 15:42 Komapi_key.+157+18443.key
> -rw------- 1 root admin 156 Dec 10 15:42
> Komapi_key.+157+18443.private
>
> # cat Komapi_key.+157+18443.private
> Private-key-format: v1.2
> Algorithm: 157 (HMAC_MD5)
> Key:
> Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu1bM0ZzxdIhj0sQ==
>
> Bits: AAA=
>
> # vi /usr/local/etc/dhcpd.conf
> and added the statements
>
> key omapi_key {
> algorithm HMAC-MD5;
> secret
> "Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu1bM0ZzxdIhj0sQ==";
>
> };
> omapi-key omapi_key;
>
> Then I started dhcpd, but it immediately complains :
> Starting dhcpd
> ...
> /usr/local/etc/dhcpd.conf: line 10: invalid base 64 character 10

This seems to want a base64 encrypted key.

> secret
> "Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu
> 1bM0ZzxdIhj0sQ==";
> ^
> /usr/local/etc/dhcpd.conf: line 12: Expecting a parameter or declaration
>
> What exactly does one have to specify on the 'secret' line ??
> The manual for omshell or dnssec-keygen don't have examples...
>
> Please a real life example with all the relevant information ...

Sorry, I don't have any examples. However I suggest re-reading the docs and looking for specifics on key encryption. That might be the "key" to your success. :)

Cheers,

Drew

-- 
Be a Great Magician! Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com
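
Added example, not part of the original message and not code from ISC DHCP or BIND: a small check for the `secret` line discussed in the thread. It assumes the "character 10" in the quoted error is the byte value of an ASCII line feed, meaning a line break inside the quoted secret. The function names and the sample key are constructed for illustration.

```python
import base64
import re

B64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")

def extract_secret(private_text):
    """Return the Key: value from a dnssec-keygen .private file as one line."""
    parts, in_key = [], False
    for line in private_text.splitlines():
        if line.startswith("Key:"):
            in_key = True
            parts.append(line[len("Key:"):])
        elif in_key and re.match(r"^[A-Za-z-]+:", line):
            break                      # next field (e.g. Bits:) ends the key
        elif in_key:
            parts.append(line)         # key text continued on a following line
    return "".join("".join(parts).split())   # drop every space and line break

def bad_secret_chars(conf_text):
    """List (offset, byte value) of non-base64 characters inside secret "..."."""
    found = []
    for m in re.finditer(r'secret\s+"([^"]*)"', conf_text):
        found += [(i, ord(c)) for i, c in enumerate(m.group(1)) if c not in B64_CHARS]
    return found

def key_stanza(name, algorithm, secret):
    """Render the key block from the post with the secret on a single line."""
    base64.b64decode(secret, validate=True)   # raises if not clean base64
    return ('key %s {\n  algorithm %s;\n  secret "%s";\n};\nomapi-key %s;\n'
            % (name, algorithm, secret, name))

# Constructed sample data: a dummy 48-byte key, not the key from the post.
SAMPLE_SECRET = base64.b64encode(
    b"constructed sample key material, 48 bytes long!!").decode()
SAMPLE_PRIVATE = ("Private-key-format: v1.2\nAlgorithm: 157 (HMAC_MD5)\n"
                  "Key:\n%s\n%s\nBits: AAA=\n"
                  % (SAMPLE_SECRET[:40], SAMPLE_SECRET[40:]))
# A dhcpd.conf fragment whose secret was wrapped onto two lines.
WRAPPED_CONF = ('key omapi_key {\n algorithm HMAC-MD5;\n secret "%s\n%s";\n};\n'
                % (SAMPLE_SECRET[:40], SAMPLE_SECRET[40:]))

if __name__ == "__main__":
    print(bad_secret_chars(WRAPPED_CONF))     # offset and byte value of the break
    print(key_stanza("omapi_key", "HMAC-MD5", extract_secret(SAMPLE_PRIVATE)))
```

Keep the resulting configuration file readable only by root, as the generated key files already are, since the secret authenticates OMAPI changes to the DHCP server.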