Can't get BIND to use GSSAPI from /usr/local on FreeBSD
Mark Andrews
marka at isc.org
Wed Jun 16 00:06:56 UTC 2010
In message <20100615233907.GD1025 at rwpc12.mby.riverwillow.net.au>, John Marshall
writes:
> On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote:
> >
> > In message <slrni1ea5q.10j.john at rwpc12.mby.riverwillow.net.au>, John Marsha
> ll w
> > rites:
> > > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> > > >
> > > > So what was in config.log? With libgssapi_krb5 you are trying to link
> > > > against MIT kerberos.
> > >
> > > Sorry, s/_krb5// (Heimdal)
> > >
> > > The config.log is here, and seems convinced about using /usr/local.
> > >
> > > <http://www.riverwillow.net.au/~john/bind971rc1/config.log>
> >
> > Well you have two three versions of gssapi installed. Two in /usr
> > (MIT + Heimdal) and one in /usr/local and configure is just not written
> > to cope with that. MIT and Heimdal require different sets of libraries
> > and the code that attempts to work that all out matched the MIT code in
> > /usr before it tests the Heimdal code in /usr/local. I think this
> > requires hand tweeking post configure.
>
> I guess what we're seeing is a "feature" of the way FreeBSD integrates
> Heimdal into its base system: it unbundles libgssapi into its component
> parts (libgssapi_krb5, _ntlm, _spnego). There is no MIT Kerberos on the
> system, just FreeBSD's "port" of Heimdal into its base system. Kerberos
> in FreeBSD 8.n is Heimdal 1.1.0 (split into component libraries in
> /usr/lib as described above). I also installed Heimdal 1.3.3 (un-hacked
> - all one libgssapi.so) into /usr/local/lib so that I could try linking
> BIND against it.
libgssapi_krb5 is from MIT Kerberos.
% grep gssapi /usr/ports/security/heimdal/pkg-plist
include/gssapi.h
include/gssapi/gkrb5_err.h
include/gssapi/gssapi.h
include/gssapi/gssapi_krb5.h
include/gssapi/gssapi_spnego.h
lib/libgssapi.a
lib/libgssapi.la
lib/libgssapi.so
lib/libgssapi.so.2
@dirrm include/gssapi
% grep gssapi /usr/ports/security/krb5/pkg-plist
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth_gssapi.h
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
@dirrm include/gssapi
% grep gssapi /usr/ports/security/krb5-16/pkg-plist
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth_gssapi.h
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
@dirrm include/gssapi
%
> Now that I think I understand what is happening, is it worth asking
> somebody who understands the workings of configure to teach it that
> (irrespective of library names) the FreeBSD base system uses Heimdal?
> Maybe not. In any case, pointers as to which file(s) to hack
> post-configure would be appreciated.
>
> Thank you for your help.
>
> --
> John Marshall
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list