---------- Forwarded message ---------- From: Juergen Dietl <isclist...@googlemail.com> Date: 2011/4/13 Subject: Re: GSS-TSIG with a change root enviroment To: Abdulla Bushlaibi <abushla...@ies.etisalat.ae>
Hello, thanx for the -g hint. Now I see the same thing I saw yesterday in the syslog. For any reason the syslog dont show anything since yesterday - but thats another story. When I use bind with the -t parameter (change root) I get the following error: 13-Apr-2011 13:10:17.956 default realm from krb5.conf (EXAMPLE.TEST) does not match tkey-gssapi-credential (DNS/dns1.example.t...@example.test) 13-Apr-2011 13:10:17.956 configuring TKEY: failure 13-Apr-2011 13:10:17.956 loading configuration: failure 13-Apr-2011 13:10:17.956 exiting (due to fatal error) When I start it without -t all is OK. But I need the change root for security reasons. I put they krb5.keytab in /etc/ and /root-envirment/etc but didnt help. Is there anybody where it works with the -g parameter? thanx so far, Juergen 2011/4/13 Abdulla Bushlaibi <abushla...@ies.etisalat.ae> > Hey Juergen, > > You could try running bind with -g option and see what the logs tell you. > > Best Regards > > > > > On 13/04/2011 1:11 PM, Juergen Dietl wrote: > > Hello, > > I set up gss-tsig and working fine with bind 9.7.3 and bind 9.8. Now I > tried it on a 2nd server that uses 2 instances of bind. One for primary one > for secondary. For this the primary bind starts with the "-t parameter" > which tells him to use a change root enviroment. If I start the bind this > way I dont get any error messages but it do not start. > > Is there anything I must pay attention if I want to use bind and gss-tsig > in a change root envirement? > > thanx for any hints, > cheers, > Juergen > > > _______________________________________________ > bind-users mailing > listbind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users > > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users