I managed to build bind with gssapi support. It involves changing 7 lines in
the configure script to enable it to find the gssapi and Kerberos libraries and
headers.
I figured out how to get OpenBSD to automatically generate a patch file using
update-patches (that's really nifty!) so I thought I'd share it. Please excuse
my first attempt; I'm just getting started at this but I'd like to contribute
if I can.
One caveat of this patch: For some reason, including this patch causes bind to
be built with gssapi by default unless you specify --with-gssapi=no in the
Makefile. I can't figure out why; I'm still trying to wrap my head around the
tortuous if/then logic in the configure script as it tries (unsuccessfully,
without the patch) to find the libraries. Hopefully someone can improve on
this, but here's what I've got. It works for me, since now I can do dynamic
DNS updates using nsupdate against a secured Windows nameserver.
Jeff
$OpenBSD$
--- configure.orig Tue Aug 13 09:13:14 2013
+++ configure Tue Aug 13 09:12:38 2013
@@ -22058,10 +22058,10 @@ fi
if test "$use_gssapi" = "yes"
then
# first, deal with the obvious
- if test \( -f /usr/include/kerberosv5/krb5.h -o \
+ if test \( -f /usr/include/kerberosV/krb5.h -o \
-f /usr/include/krb5/krb5.h -o \
-f /usr/include/krb5.h \) -a \
- \( -f /usr/include/gssapi.h -o \
+ \( -f /usr/include/kerberosV/gssapi.h -o \
-f /usr/include/gssapi/gssapi.h \)
then
use_gssapi=/usr
@@ -22070,10 +22070,10 @@ then
for d in $krb5dirs
do
if test -f $d/include/gssapi/gssapi_krb5.h -o \
- -f $d/include/krb5.h
+ -f $d/include/kerberosV/krb5.h
then
if test -f $d/include/gssapi/gssapi.h -o \
- -f $d/include/gssapi.h
+ -f $d/include/kerberosV/gssapi.h
then
use_gssapi=$d
break
@@ -22098,7 +22098,7 @@ $as_echo "disabled" >&6; }
$as_echo "looking in $use_gssapi/lib" >&6; }
USE_GSSAPI='-DGSSAPI'
saved_cppflags="$CPPFLAGS"
- CPPFLAGS="-I$use_gssapi/include $CPPFLAGS"
+ CPPFLAGS="-I$use_gssapi/include/kerberosV $CPPFLAGS"
for ac_header in gssapi.h gssapi/gssapi.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
@@ -22177,6 +22177,7 @@ done
"-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
"-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
"-lgssapi" \
+ "-lgssapi -lkrb5 -lcrypto " \
"-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
"-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err"
\
"-lgss -lkrb5"
@@ -22264,7 +22265,7 @@ $as_echo "no" >&6; } ;;
;;
esac
- DST_GSSAPI_INC="-I$use_gssapi/include"
+ DST_GSSAPI_INC="-I$use_gssapi/include/kerberosV"
DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI
from $use_gssapi/lib and $use_gssapi/include" >&5
