patches to make bind9 with TKEY/GSS updates easier to configure
tridge at samba.org
tridge at samba.org
Sun Dec 5 02:49:20 UTC 2010
Hi Love,
> There is nothing that stops you from setting KRB5_CONFIG, trying
> HOSTBASED service name, if that fails fall back to
> KRB5_PRINCIPAL_NAME/NO_OID
ok
> Since you are forcing KRB5_PRINCIPAL_NAME referrals will never
> work, ie you will never be able to update your name in across
> realms in a tree/forest.
yep, that would be worth making work.
I've had a go at this, but with trying the GSS_C_NO_OID varient
first. The reason for doing it that way is that it keeps current
behaviour for the first attempt, which I'm hoping minimises the chance
of something breaking with this change.
Unfortunately I'm getting:
failure GSSAPI error: Major = Invalid token was supplied, Minor = Unknown error.
The patch I'm testing is here:
http://git.samba.org/?p=tridge/bind9.git;a=commitdiff;h=2dbf2d5ca733484a6bee2b892349f3c9ca68110f
if the patch doesn't make the logic clear, the complete tree is in my
hostbased-fallback branch on git://git.samba.org/tridge/bind9.git
Cheers, Tridge
More information about the bind-workers
mailing list