patches to make bind9 with TKEY/GSS updates easier to configure

tridge at samba.org tridge at samba.org
Wed Dec 1 22:02:35 UTC 2010


Hi Mark,

 > If you can send me a stack backtrace that would be useful, I suspect I
 > missed something.

sure, the full backtrace is here:

  http://samba.org/tridge/bind9-patches/backtrace.txt

This is with current CVS, plus your patch. It is without any of my
patches.

I launched it like this:

KRB5_KTNAME=dns.keytab KRB5_CONFIG=krb5.conf gdb --args /home/tridge/project/bind9/git/bin/named/.libs/named -m record,size,mctx  -c named.conf  -g -T clienttest -n 1

The named.conf is here:

 http://samba.org/tridge/bind9-patches/named.conf

the rest of the contents of the tsiggss test directory are from this
patch:

  http://samba.org/tridge/bind9-patches/0006-tkey-added-a-tkey-TSIG-GSS-testsuite.patch

Note that the named.conf is an adjustment to the tsiggss test to use
the existing tkey-gssapi-credential and tkey-domain options, instead
of the new tkey-gssapi-keytab option. Unfortunatey you have to run
with KRB5_CONFIG set, plus either KRB5_KTNAME or KEYTAB_FILE set
(depending on kerberos version). That is one of the things that the
tkey-gssapi-keytab patch fixes.

I also had to make a trivial adjustment to your patch to fix the
prototype for insert_trustedkey() in dighost.c

Cheers, Tridge



More information about the bind-workers mailing list