Can't get BIND to use GSSAPI from /usr/local on FreeBSD

Mark Andrews marka at isc.org
Wed Jun 16 00:06:56 UTC 2010 

In message <20100615233907.GD1025 at rwpc12.mby.riverwillow.net.au>, John Marshall
 writes:
> On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote:
> > 
> > In message <slrni1ea5q.10j.john at rwpc12.mby.riverwillow.net.au>, John Marsha
> ll w
> > rites:
> > > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> > > >
> > > > So what was in config.log?  With libgssapi_krb5 you are trying to link
> > > > against MIT kerberos.
> > > 
> > > Sorry, s/_krb5// (Heimdal)
> > > 
> > > The config.log is here, and seems convinced about using /usr/local.
> > > 
> > >   <http://www.riverwillow.net.au/~john/bind971rc1/config.log>
> > 
> > Well you have two three versions of gssapi installed.  Two in /usr
> > (MIT + Heimdal) and one in /usr/local and configure is just not written
> > to cope with that.  MIT and Heimdal require different sets of libraries
> > and the code that attempts to work that all out matched the MIT code in
> > /usr before it tests the Heimdal code in /usr/local.  I think this
> > requires hand tweeking post configure.
> 
> I guess what we're seeing is a "feature" of the way FreeBSD integrates
> Heimdal into its base system: it unbundles libgssapi into its component
> parts (libgssapi_krb5, _ntlm, _spnego).  There is no MIT Kerberos on the
> system, just FreeBSD's "port" of Heimdal into its base system.  Kerberos
> in FreeBSD 8.n is Heimdal 1.1.0 (split into component libraries in
> /usr/lib as described above).  I also installed Heimdal 1.3.3 (un-hacked
> - all one libgssapi.so) into /usr/local/lib so that I could try linking
> BIND against it.

	libgssapi_krb5 is from MIT Kerberos.

% grep gssapi /usr/ports/security/heimdal/pkg-plist
include/gssapi.h
include/gssapi/gkrb5_err.h
include/gssapi/gssapi.h
include/gssapi/gssapi_krb5.h
include/gssapi/gssapi_spnego.h
lib/libgssapi.a
lib/libgssapi.la
lib/libgssapi.so
lib/libgssapi.so.2
@dirrm include/gssapi
% grep gssapi /usr/ports/security/krb5/pkg-plist 
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth_gssapi.h
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
@dirrm include/gssapi
% grep gssapi /usr/ports/security/krb5-16/pkg-plist
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth_gssapi.h
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
@dirrm include/gssapi
%

 
> Now that I think I understand what is happening, is it worth asking
> somebody who understands the workings of configure to teach it that
> (irrespective of library names) the FreeBSD base system uses Heimdal?
> Maybe not.  In any case, pointers as to which file(s) to hack
> post-configure would be appreciated.
> 
> Thank you for your help.
> 
> -- 
> John Marshall
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list