---------- Forwarded message ---------- From: Juergen Dietl <[email protected]> Date: 2011/4/13 Subject: Re: GSS-TSIG with a change root enviroment To: Abdulla Bushlaibi <[email protected]>
Hello, thanx for the -g hint. Now I see the same thing I saw yesterday in the syslog. For any reason the syslog dont show anything since yesterday - but thats another story. When I use bind with the -t parameter (change root) I get the following error: 13-Apr-2011 13:10:17.956 default realm from krb5.conf (EXAMPLE.TEST) does not match tkey-gssapi-credential (DNS/[email protected]) 13-Apr-2011 13:10:17.956 configuring TKEY: failure 13-Apr-2011 13:10:17.956 loading configuration: failure 13-Apr-2011 13:10:17.956 exiting (due to fatal error) When I start it without -t all is OK. But I need the change root for security reasons. I put they krb5.keytab in /etc/ and /root-envirment/etc but didnt help. Is there anybody where it works with the -g parameter? thanx so far, Juergen 2011/4/13 Abdulla Bushlaibi <[email protected]> > Hey Juergen, > > You could try running bind with -g option and see what the logs tell you. > > Best Regards > > > > > On 13/04/2011 1:11 PM, Juergen Dietl wrote: > > Hello, > > I set up gss-tsig and working fine with bind 9.7.3 and bind 9.8. Now I > tried it on a 2nd server that uses 2 instances of bind. One for primary one > for secondary. For this the primary bind starts with the "-t parameter" > which tells him to use a change root enviroment. If I start the bind this > way I dont get any error messages but it do not start. > > Is there anything I must pay attention if I want to use bind and gss-tsig > in a change root envirement? > > thanx for any hints, > cheers, > Juergen > > > _______________________________________________ > bind-users mailing > [email protected]https://lists.isc.org/mailman/listinfo/bind-users > > > _______________________________________________ > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
