Can't get BIND to use GSSAPI from /usr/local
John Marshall
john at rwpc12.mby.riverwillow.net.au
Fri Jun 11 09:51:27 UTC 2010
BIND 9.7.1rc1
FreeBSD 8.1-PRERELEASE
I've just stepped into the world of nsupdate (instead of doing the
freeze/edit/thaw dance). I have had success using TSIG (nsupdate -k)
but I would like to use TKEY-GSS (nsupdate -g). When I try to do that,
nsupdate dumps core.
$ /usr/bin/nsupdate -g -d
> prereq nxdomain rwpc12.mby.riverwillow.net.au.
>
Reply from SOA query:
--------< snip >--------
Found zone name: mby.riverwillow.net.au
The master is: ns1.mby.riverwillow.net.au
start_gssrequest
nsupdate: Failed to generate random block
Abort trap (core dumped)
I suspect the operating system at this point but want to build BIND
against separate gssapi_krb5 and OpenSSL libraries in order to isolate
the problem.
Telling configure --with-openssl=/usr/local does the trick for OpenSSL.
Telling configure --with-gssapi=/usr/local makes all the right kind of
impressions on config.log, but the linker still ends up using the
operating system's gssapi libraries under /usr/lib. Is there something
else I need to do to nudge BIND in the direction of libgssapi_krb5 in
/usr/local ?
Until now I've never built BIND with gssapi, so I'm prepared to be told
I've missed something basic.
Thank you.
--
John Marshall
More information about the bind-users
mailing list