Can't get BIND to use GSSAPI from /usr/local on FreeBSD
John Marshall
john.marshall at riverwillow.com.au
Tue Jun 15 23:39:07 UTC 2010
On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote:
>
> In message <slrni1ea5q.10j.john at rwpc12.mby.riverwillow.net.au>, John Marshall w
> rites:
> > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> > >
> > > So what was in config.log? With libgssapi_krb5 you are trying to link
> > > against MIT kerberos.
> >
> > Sorry, s/_krb5// (Heimdal)
> >
> > The config.log is here, and seems convinced about using /usr/local.
> >
> > <http://www.riverwillow.net.au/~john/bind971rc1/config.log>
>
> Well you have two three versions of gssapi installed. Two in /usr
> (MIT + Heimdal) and one in /usr/local and configure is just not written
> to cope with that. MIT and Heimdal require different sets of libraries
> and the code that attempts to work that all out matched the MIT code in
> /usr before it tests the Heimdal code in /usr/local. I think this
> requires hand tweeking post configure.
I guess what we're seeing is a "feature" of the way FreeBSD integrates
Heimdal into its base system: it unbundles libgssapi into its component
parts (libgssapi_krb5, _ntlm, _spnego). There is no MIT Kerberos on the
system, just FreeBSD's "port" of Heimdal into its base system. Kerberos
in FreeBSD 8.n is Heimdal 1.1.0 (split into component libraries in
/usr/lib as described above). I also installed Heimdal 1.3.3 (un-hacked
- all one libgssapi.so) into /usr/local/lib so that I could try linking
BIND against it.
Now that I think I understand what is happening, is it worth asking
somebody who understands the workings of configure to teach it that
(irrespective of library names) the FreeBSD base system uses Heimdal?
Maybe not. In any case, pointers as to which file(s) to hack
post-configure would be appreciated.
Thank you for your help.
--
John Marshall
More information about the bind-users
mailing list