Trouble with 9.7.1-P2 on RHEL 5

Carlos Vicente cvicente at network-services.uoregon.edu
Wed Aug 25 22:15:18 UTC 2010


My understanding is that you don't need this unless you're planning on
using hardware security modules. You can still generate and manage keys
without pkcs11.


See:

http://www.isc.org/software/bind/new-features/9.7


cv


Timothy Holtzen wrote:
> Has anyone been able to get 9.7.1-P2 to build with pkcs11 and run on
> RHEL/CentOS 5?  I appear to be able to configure and make without any
> problems but when I go to run it I get the following error in the log.
> 
> named[14899]: starting BIND 9.7.1-P2 -c /etc/named.conf -t /var/named/chroot
> named[14899]: built with '--with-libtool' '--localstatedir=/var'
> '--disable-threads' '--enable-ipv6' '--disable-static' '--with-pic'
> '--disable-openssl-version-check'
> '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-gssapi=yes'
> '--disable-isc-spnego'
> named[14899]: using up to 4096 sockets
> named[14899]: initializing DST: no engine
> named[14899]: exiting (due to fatal error)
> 
> From what I have been able to deduce this means that bind can't find or
> use the pkcs11 encryption engine.  Compiling without the "--with-pkcs11"
> option produces a functional executable.  Strangely the exact same
> configuration options worked just fine with 9.7.0 so something seems to
> have changed between those releases.  My ultimate goal is to do a full
> DNSSEC deployment so I'm guessing the pkcs11 option is going to be
> required if I want to generate and manage keys etc.  Anyone have any
> ideas?  I suspect that I'm missing some encryption library or something.
> 

