patches to make bind9 with TKEY/GSS updates easier to configure

tridge at samba.org
Sun Dec 5 02:49:20 UTC 2010


Hi Love,

 > There is nothing that stops you from setting KRB5_CONFIG, trying
 > HOSTBASED service name, if that fails fall back to
 > KRB5_PRINCIPAL_NAME/NO_OID

ok

 > Since you are forcing KRB5_PRINCIPAL_NAME, referrals will never
 > work, i.e. you will never be able to update your name across
 > realms in a tree/forest.

yep, that would be worth making work.

I've had a go at this, but with trying the GSS_C_NO_OID variant
first. The reason for doing it that way is that it keeps current
behaviour for the first attempt, which I'm hoping minimises the chance
of something breaking with this change.

Unfortunately I'm getting:

  failure GSSAPI error: Major = Invalid token was supplied, Minor = Unknown error.

The patch I'm testing is here:

  http://git.samba.org/?p=tridge/bind9.git;a=commitdiff;h=2dbf2d5ca733484a6bee2b892349f3c9ca68110f

If the patch doesn't make the logic clear, the complete tree is in my
hostbased-fallback branch on git://git.samba.org/tridge/bind9.git

Cheers, Tridge


