patches to make bind9 with TKEY/GSS updates easier to configure

tridge at tridge at
Wed Dec 1 22:02:35 UTC 2010

Hi Mark,

 > If you can send me a stack backtrace that would be useful, I suspect I
 > missed something.

sure, the full backtrace is here:

This is with current CVS, plus your patch. It is without any of my

I launched it like this:

KRB5_KTNAME=dns.keytab KRB5_CONFIG=krb5.conf gdb --args /home/tridge/project/bind9/git/bin/named/.libs/named -m record,size,mctx  -c named.conf  -g -T clienttest -n 1

The named.conf is here:

the rest of the contents of the tsiggss test directory are from this

Note that the named.conf is an adjustment to the tsiggss test to use
the existing tkey-gssapi-credential and tkey-domain options, instead
of the new tkey-gssapi-keytab option. Unfortunatey you have to run
with KRB5_CONFIG set, plus either KRB5_KTNAME or KEYTAB_FILE set
(depending on kerberos version). That is one of the things that the
tkey-gssapi-keytab patch fixes.

I also had to make a trivial adjustment to your patch to fix the
prototype for insert_trustedkey() in dighost.c

Cheers, Tridge

More information about the bind-workers mailing list