patches to make bind9 with TKEY/GSS updates easier to configure
tridge at samba.org
tridge at samba.org
Thu Dec 2 20:46:38 UTC 2010
Hi Michael,
ok, this is a good opportunity for us to improve the debug messages
when tkey-gssapi fails :-)
My first guess is that the tests are still dependent on something in
/etc/krb5.conf. If you could send me your krb5.conf, and also send me
the test output with "-L 3 -D -d" added to the $NSUPDATE call in
bin/tests/system/tsiggss/tests.sh. A copy of
bin/tests/system/tsiggss/ns1/named.run after the failure might also
help.
I'll also build and test it on a FreeBSD machine and see if I can
reproduce the failure. I don't have a NetBSD machine handy, but I can
install it in a VM if FreeBSD doesn't reproduce the problem.
I assume you were testing with current CVS plus my patches? Do you
have MIT or Heimdal kerberos libs installed?
Cheers, Tridge
> On my NetBSD machine:
>
> S:tsiggss:Thu Dec 2 18:00:39 UTC 2010
> T:tsiggss:1:A
> A:System test tsiggss
> I:testing updates as administrator
> I:testing update for testdc1.example.nil. A 86400 A 10.53.0.10
> Check your Kerberos ticket, it may have expired.
> I:update failed for testdc1.example.nil. A 86400 A 10.53.0.10
> I:testing update for testdc2.example.nil. A 86400 A 10.53.0.11
> Check your Kerberos ticket, it may have expired.
> I:update failed for testdc2.example.nil. A 86400 A 10.53.0.11
> I:testing update for denied.example.nil. TXT 86400 TXT helloworld
> Check your Kerberos ticket, it may have expired.
> I:update failed for denied.example.nil. TXT 86400 TXT helloworld
> I:testing updates as a user
> I:testing update for testdenied.example.nil. A 86400 A 10.53.0.12
> Check your Kerberos ticket, it may have expired.
> I:update failed for testdenied.example.nil. A 86400 A 10.53.0.12
> I:testing update for testdenied.example.nil. TXT 86400 TXT helloworld
> Check your Kerberos ticket, it may have expired.
> I:update failed for testdenied.example.nil. TXT 86400 TXT helloworld
> R:FAIL
> E:tsiggss:Thu Dec 2 18:00:56 UTC 2010
>
> --Michael
More information about the bind-workers
mailing list