Microsoft Windows 2000 DNS Server User Manual


algorithm defined in the Internet Draft “GSS Algorithm for TSIG (GSS-TSIG).” This algorithm is based on the Generic Security Service Application Program Interface (GSS-API) specified in RFC 2078. It provides security services independently of the underlying security mechanism, and separates the security services into the following processes:
- Establishing a security context by passing security tokens between the two parties.
- Using the established security context, which has a finite lifetime, to create and verify transaction signatures on the messages exchanged between the two parties for as long as the context remains valid.
The sequence of events in the Secure Dynamic Update process is described below.
[Figure: Secure Dynamic Update sequence between the Client, the Local name server, the Server and Active Directory. The labelled steps 1 to 7 comprise: Find authoritative server / Result; Attempt non-secure update; Refused; TKEY negotiation (Kerberos); Update with TSIG; Reply (Success or Failure) with TSIG; Attempt to Update Active Directory with LDAP; Reply (Success or Failure) with LDAP.]
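The two-phase process the text describes (a TKEY negotiation that establishes a context, followed by TSIG-signed messages that are valid only for that context's lifetime) and the fall-back sequence in the figure, modelled as an added Python example that is not part of the white paper. The Kerberos-backed TKEY exchange is simulated by handing both sides the same random session key, an HMAC stands in for the GSS-API MIC, and the `name=address` message format and 300-second fudge window are assumptions for illustration; the rcode names are TSIG's own.

```python
import hashlib
import hmac
import os

FUDGE = 300  # seconds of clock skew tolerated around "time signed", as in TSIG


class SecurityContext:
    """Shared session key with a finite lifetime produced by a TKEY negotiation (stand-in for the GSS-API context)."""
    def __init__(self, key_name, key, established, lifetime):
        self.key_name, self.key, self.expires = key_name, key, established + lifetime

    def mic(self, message, time_signed):
        # Stand-in for GSS_GetMIC: HMAC over the message plus the TSIG key name and time
        data = message + self.key_name.encode() + time_signed.to_bytes(6, "big")
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def sign(self, message, now):
        return {"key_name": self.key_name, "time_signed": now, "mac": self.mic(message, now)}


class DnsServer:
    def __init__(self, secure_only=True):
        self.secure_only, self.contexts, self.zone = secure_only, {}, {}

    def tkey(self, client, now, lifetime=3600):
        # Simulated Kerberos-backed TKEY exchange: both sides end up holding the same context
        ctx = SecurityContext(f"{client}.tkey", os.urandom(32), now, lifetime)
        self.contexts[ctx.key_name] = ctx
        return ctx

    def update(self, message, tsig, now):
        if tsig is None:  # unsecured update: accepted only if the zone allows it
            return "REFUSED" if self.secure_only else self.apply(message)
        ctx = self.contexts.get(tsig["key_name"])
        if ctx is None or now >= ctx.expires:
            return "BADKEY"  # unknown or expired security context
        if abs(now - tsig["time_signed"]) > FUDGE:
            return "BADTIME"  # signature presented outside the fudge window
        if not hmac.compare_digest(ctx.mic(message, tsig["time_signed"]), tsig["mac"]):
            return "BADSIG"  # message or signature was altered in transit
        return self.apply(message)

    def apply(self, message):
        name, _, addr = message.decode().partition("=")
        self.zone[name] = addr  # stands in for the LDAP write to Active Directory
        return "NOERROR"


def secure_dynamic_update(server, client, message, now):
    """Client side: try an unsecured update first; on REFUSED, negotiate TKEY and sign."""
    rcodes, ctx = [server.update(message, None, now)], None
    if rcodes[0] == "REFUSED":
        ctx = server.tkey(client, now)
        rcodes.append(server.update(message, ctx.sign(message, now), now))
    return rcodes, ctx
```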
Windows 2000 White Paper
19