Package: libgssapi-krb5-2 Version: 1.8.3+dfsg-4 Severity: important When running nsupdate (from dnsutils/bind) with the -g flag to sign a dynamic DNS update request using GSS-API, the DNS server (a Microsoft DNS on Windows 2008 R2) refuses the request, claiming that the key is bad. The solution is to compile krb5-1.7.1 from source and set LD_LIBRARY_PATH=/usr/local/krb5-1.7/lib before running nsupdate so that it uses the older version of the Kerberos libraries. Compiling Kerberos 1.8.3 (or any earlier 1.8 release) from source does not help and exhibits the same error. My Kerberos server is Active Directory on Windows 2008 R2.
-- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgssapi-krb5-2 depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcomerr2 1.41.12-2 common error description library ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C ii libkeyutils1 1.4-1 Linux Key Management Utilities (li ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries ii libkrb5support0 1.8.3+dfsg-4 MIT Kerberos runtime libraries - S libgssapi-krb5-2 recommends no packages. Versions of packages libgssapi-krb5-2 suggests: pn krb5-doc <none> (no description available) ii krb5-user 1.8.3+dfsg-4 Basic programs to authenticate usi -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
