patches to make bind9 with TKEY/GSS updates easier to configure

tridge at samba.org tridge at samba.org
Thu Dec 2 20:46:38 UTC 2010


Hi Michael,

ok, this is a good opportunity for us to improve the debug messages
when tkey-gssapi fails :-)

My first guess is that the tests are still dependent on something in
/etc/krb5.conf. If you could send me your krb5.conf, and also send me
the test output with "-L 3 -D -d" added to the $NSUPDATE call in
bin/tests/system/tsiggss/tests.sh. A copy of
bin/tests/system/tsiggss/ns1/named.run after the failure might also
help.

I'll also build and test it on a FreeBSD machine and see if I can
reproduce the failure. I don't have a NetBSD machine handy, but I can
install it in a VM if FreeBSD doesn't reproduce the problem.

I assume you were testing with current CVS plus my patches? Do you
have MIT or Heimdal kerberos libs installed?

Cheers, Tridge

 > On my NetBSD machine:
 > 
 > S:tsiggss:Thu Dec  2 18:00:39 UTC 2010
 > T:tsiggss:1:A
 > A:System test tsiggss
 > I:testing updates as administrator
 > I:testing update for testdc1.example.nil. A 86400 A 10.53.0.10
 > Check your Kerberos ticket, it may have expired.
 > I:update failed for testdc1.example.nil. A 86400 A 10.53.0.10
 > I:testing update for testdc2.example.nil. A 86400 A 10.53.0.11
 > Check your Kerberos ticket, it may have expired.
 > I:update failed for testdc2.example.nil. A 86400 A 10.53.0.11
 > I:testing update for denied.example.nil. TXT 86400 TXT helloworld
 > Check your Kerberos ticket, it may have expired.
 > I:update failed for denied.example.nil. TXT 86400 TXT helloworld
 > I:testing updates as a user
 > I:testing update for testdenied.example.nil. A 86400 A 10.53.0.12
 > Check your Kerberos ticket, it may have expired.
 > I:update failed for testdenied.example.nil. A 86400 A 10.53.0.12
 > I:testing update for testdenied.example.nil. TXT 86400 TXT helloworld
 > Check your Kerberos ticket, it may have expired.
 > I:update failed for testdenied.example.nil. TXT 86400 TXT helloworld
 > R:FAIL
 > E:tsiggss:Thu Dec  2 18:00:56 UTC 2010
 > 
 > --Michael



More information about the bind-workers mailing list