Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Dec 2008 08:02:00 -0800
From:      Drew Tomlinson <drew@mykitchentable.net>
To:        Pieter Donche <Pieter.Donche@ua.ac.be>
Cc:        "mail.list freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   Re: omshell how to use
Message-ID:  <493FE7F8.9010908@mykitchentable.net>
In-Reply-To: <Pine.GSO.4.63.0812101534260.5421@hmacs.cmi.ua.ac.be>
References:  <Pine.GSO.4.63.0812091752270.19005@hmacs.cmi.ua.ac.be>	<20081209185837.GA71505@marvin.optimis.net> <Pine.GSO.4.63.0812101534260.5421@hmacs.cmi.ua.ac.be>
next in thread | previous in thread | raw e-mail | index | archive | help 
I am not an expert nor have I even used this software in question.  
However...

Pieter Donche wrote:
> To use omshell for changing dhcpd.conf, one needs to use a TSIG key.
>
> Did the following:
> # dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key

This appears to be an MD5 encrypted key.

> responded with:
> Komapi_key.+157+18443
>
> and created the files:
> -rw-------   1 root   admin    118 Dec 10 15:42 Komapi_key.+157+18443.key
> -rw-------   1 root   admin    156 Dec 10 15:42 
> Komapi_key.+157+18443.private
>
> # cat Komapi_key.+157+18443.private
> Private-key-format: v1.2
> Algorithm: 157 (HMAC_MD5)
> Key: 
> Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu1bM0ZzxdIhj0sQ== 
>
> Bits: AAA=
>
> # vi /usr/local/etc/dhcpd.conf
> and added the statements
>
> key omapi_key {
> algorithm HMAC-MD5;
> secret 
> "Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu1bM0ZzxdIhj0sQ=="; 
>
> };
> omapi-key omapi_key;
>
> Then I started dhcpd,  but it immediatly complains :
> Starting dhcpd
> ...
> /usr/local/etc/dhcpd.conf: line 10: invalid base 64 character 10

This seems to want a base64 encrypted key. 

> secret 
> "Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu
> 1bM0ZzxdIhj0sQ==";
>        ^
> /usr/local/etc/dhcpd.conf: line 12: Expecting a parameter or declaration
>
> What exactly does one have to specify on the 'secret' line ??
> The manual for omshell or dnssec-keygen don't have examples...
>
> Please a real life example with all the relevant information ...

Sorry, I don't have any examples.  However I suggest re-reading the docs 
and looking for specifics on key encryption.  That might be the "key" to 
your success.  :)

Cheers,

Drew

-- 
Be a Great Magician!
Visit The Alchemist's Warehouse

http://www.alchemistswarehouse.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?493FE7F8.9010908>