Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread John Marshall
On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
>
> So what was in config.log?  With libgssapi_krb5 you are trying to link
> against MIT kerberos.

Sorry, s/_krb5// (Heimdal)

The config.log is here, and seems convinced about using /usr/local.

  

-- 
John Marshall
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Request Redirect

2010-06-15 Thread sasa sasa
Hi,

I'll explain what I want to say with an example:
we have 2 networks. When network 1 requests www.example.com, I want to reply with
the x.x.x.x A record,
and when network 2 requests www.example.com, I want to reply with the y.y.y.y A
record.
Is that possible in Bind configuration?

regards,
Sasa



Re: Request Redirect

2010-06-15 Thread Jorge Fábregas
On Tuesday 15 June 2010 07:52:34 sasa sasa wrote:
> we have 2 networks. When network 1 requests www.example.com, I want to reply
> with the x.x.x.x A record, and when network 2 requests www.example.com, I want
> to reply with the y.y.y.y A record. Is that possible in Bind configuration?

Hi,

Sure. Check out Bind Views:

http://www.zytrax.com/books/dns/ch7/view.html

HTH,
Jorge


the one A record that must be in a Zone

2010-06-15 Thread Martin McCormick
We have our main domain of okstate.edu plus a ton of
non-okstate.edu names that we serve because someone purchased
the name. Each of these small zones has perhaps one or two A
records and 99.9% of the time, the A records are redundant A
records that are the same as some host on our okstate.edu zone.
This is because one appears to need at least 1 A record in a
given zone. Example:

If we have orange.com and the server is
web27.okstate.edu, I must create an A record for orange.com
using web27's IP address rather than using a CNAME record to
point to web27. If I try that, we get the error that orange.com
has no A record.

Is there any kind of dummy A record one can stuff in to
a zone which satisfies this requirement such that one can then
use aliases or CNAME records for the valid hosts in the zone?

What has happened here is that a bunch of servers are
moving to a new subnet and, you guessed it, they are festooned
with redundant A records for these small zones. It is
going to be a lot of manual work to move them over, but I am
hoping it is a teachable moment in which there may be a better
way to do this so next time, all we do is move addresses and the
rest just keeps working.

Thanks for any and all suggestions.

Martin McCormick


Re: the one A record that must be in a Zone

2010-06-15 Thread Doug Barton

On 06/15/10 09:53, Martin McCormick wrote:
> Is there any kind of dummy A record one can stuff in to
> a zone which satisfies this requirement such that one can then
> use aliases or CNAME records for the valid hosts in the zone?

localhost   A   127.0.0.1


hth,

Doug

--

... and that's just a little bit of history repeating.
-- Propellerheads



RE: the one A record that must be in a Zone

2010-06-15 Thread Lightner, Jeff
Do they all actually use separate IPs?

Here we have multiple domains that all go to the same web server many of
which are going to the same NATed IP.   For those we just create a zone
(e.g. okstate-aliases) with standard setup and then the A record we have
is for @ like:

@   IN SOA  dns1.okstate.edu. tech.okstate.edu. (
            2010020501  ; serial
            10800       ; refresh
            3600        ; retry
            604800      ; expire
            86400 )     ; Minimum TTL

; Name Servers
;
    IN NS   dns1.okstate.edu.
    IN NS   dns2.okstate.com.
;
; Mail Servers
;
    IN MX   10  mail1.okstate.edu.  ; Primary MX BH
    IN MX   30  mail2.okstate.edu.  ; Primary MX BH
;
; Addresses
;
;
@   IN A    x.x.x.x
;

In named.conf we would then add each domain to use this file like:

zone "okistatelab.com" {
    type master;
    file "okistate-aliases";
    allow-query { any; };
};

The @ in the aliases file is interpreted as whichever zone is
referencing it so for that zone it becomes okistatelab.   You can create
as many entries as you want pointing to that single aliases zone file.
For one offs you can simply copy the zone file to a new name and add
what you want (e.g. if you wanted to have separate MX records or add ftp
site etc...) then use that file in the named.conf. 

Of course this works because our web server setup redirects things to
the appropriate landing pages or sites. (Most of our aliases go to our
default web site but we do have some landing pages for specialized
purposes.)




Re: Microsoft's nslookup Implementation Problems

2010-06-15 Thread Steve Shockley

On 6/13/2010 4:00 PM, Merton Campbell Crockett wrote:
> Inspecting the query log on the name server indicates that BIND never
> services a request from the system running Microsoft's nslookup tool. In
> addition, using tcpdump in controlled tests, I find that Microsoft's
> nslookup implementation never sends any requests to any name server that
> is designated in a "server" command unless it is one of the default name
> servers that the system would normally use.

WinXP and newer sometimes cache results in unexpected ways, including
caching failed lookups.  Perhaps flushing the DNS cache will help.


With that said, I could not duplicate the problem on Win7's nslookup:

> foo.shockley.net
Server:  server2003.internal.corporate
Address:  192.168.x.x

*** server2003.internal.corporate can't find foo.shockley.net: Non-existent domain


> server 208.67.222.222
Default Server:  resolver1.opendns.com
Address:  208.67.222.222

> foo.shockley.net.
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    foo.shockley.net
Address:  67.215.65.132

(foo.shockley.net does not exist, that result is an opendns ad page.)


Re: Microsoft's nslookup Implementation Problems

2010-06-15 Thread Tim Maestas
One thing I also learned recently is that the Cisco IPSEC VPN client
dialer hijacks all UDP DNS packets and sends them to the DNS server
handed out by the VPN concentrators.  So "dig @x.x.x.x" and "nslookup
foo.bar x.x.x.x" queries don't actually go to x.x.x.x.  Don't know if
that's in play here but thought it worth mentioning.

-Tim


On Tue, Jun 15, 2010 at 11:06 AM, Steve Shockley wrote:
> On 6/13/2010 4:00 PM, Merton Campbell Crockett wrote:
>>
>> Inspecting the query log on the name server indicates that BIND never
>> services a request from the system running Microsoft's nslookup tool. In
>> addition, using tcpdump in controlled tests, I find that Microsoft's
>> nslookup implementation never sends any requests to any name server that
>> is designated in a "server" command unless it is one of the default name
>> servers that the system would normally use.
>
> WinXP and newer sometimes cache results in unexpected ways, including
> caching failed lookups.  Perhaps flushing the DNS cache will help.
>
> With that said, I could not duplicate the problem on Win7's nslookup:
>
>> foo.shockley.net
> Server:  server2003.internal.corporate
> Address:  192.168.x.x
>
> *** server2003.internal.corporate can't find foo.shockley.net: Non-existent
> domain
>
>> server 208.67.222.222
> Default Server:  resolver1.opendns.com
> Address:  208.67.222.222
>
>> foo.shockley.net.
> Server:  resolver1.opendns.com
> Address:  208.67.222.222
>
> Non-authoritative answer:
> Name:    foo.shockley.net
> Address:  67.215.65.132
>
> (foo.shockley.net does not exist, that result is an opendns ad page.)


Re: Request Redirect

2010-06-15 Thread Kevin Darcy
Since "views" require parallel maintenance of zone data, they are 
somewhat of a heavyweight/sledgehammer approach to the problem.


Subject to certain caveats, the "sortlist" feature may be a better fit 
for this requirement, i.e. define the name with *both* IP addresses, and 
then sort the answers depending on the source address range of the 
querying client.


Caveats:
1) All caching resolvers need to have the same sortlist capability and 
synchronized definitions -or- they must at all times exactly preserve 
the order of the responses they received from upstream, even when 
answering from their own cache
2) If #1 cannot be met, then the client must be able to tolerate an 
occasional "wrong" answer, resulting, typically, in a connection attempt 
to the "wrong" resource, and potentially a timeout/failover to the other 
address. The extent of the "wrongness" can be mitigated by lowering the 
TTL values on the RRset, but then this increases query traffic, so it's 
a tradeoff.



- Kevin




Re: the one A record that must be in a Zone

2010-06-15 Thread Chris Thompson

On Jun 15 2010, Martin McCormick wrote:

> We have our main domain of okstate.edu plus a ton of
> non-okstate.edu names that we serve because someone purchased
> the name. Each of these small zones has perhaps one or two A
> records and 99.9% of the time, the A records are redundant A
> records that are the same as some host on our okstate.edu zone.
> This is because one appears to need at least 1 A record in a
> given zone. Example:
>
> If we have orange.com and the server is
> web27.okstate.edu, I must create an A record for orange.com
> using web27's IP address rather than using a CNAME record to
> point to web27. If I try that, we get the error that orange.com
> has no A record.


I bet you don't, because there is no such requirement.

What you *are* encountering is the restriction that you cannot
have a CNAME at a zone apex (i.e. with the same name as the zone).
This in turn follows from the fact that a CNAME cannot share a
name with records of any other type (absent some DNSSEC peculiars).
There are always SOA and NS records at the zone apex, so you can't
have a CNAME there.

Which is a pain only (well, mostly) because users want to use
the (short) zone name in URLs, and web browsers don't use SRV
records as they would have done in a better world, but just try
to resolve the name directly to an IP address. You wouldn't have
any problem with a zone

@    SOA    ... usual stuff ...
     NS     ... more stuff ...
www  CNAME  web27.okstate.edu.

but then the user would have to use http://www.whatsit.com/
instead of http://whatsit.com/ (Some browsers have fixup code
to add the "www." if the lookup of "whatsit.com" doesn't give
an IP address, but this varies a lot with the software, how it
has been configured, and the URL itself.)

There isn't any good solution to the problem. One possibility
is to have the apex A records all point to an http redirecting
service that adds the "www." (this assumes HTTP/1.1, but that's
surely safe these days). Then you only have one IP address you
have to keep fixed.

--
Chris Thompson
Email: c...@cam.ac.uk
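
Two points from this thread can be checked mechanically: one zone file shared by several zones has its `@` expanded to whichever zone loads it, and a CNAME cannot share a name with the SOA and NS records at the apex. The following is an added example, not code from any poster in the thread; its parser handles only one-record-per-line zone text, and the zone contents and the 192.0.2.10 address are constructed.

```python
from collections import defaultdict

# Constructed sample in the style of the shared "aliases" file discussed in
# the thread; 192.0.2.10 is a documentation address, not a real host.
ZONE_TEMPLATE = """\
@    IN SOA   dns1.okstate.edu. tech.okstate.edu. 2010020501 10800 3600 604800 86400
     IN NS    dns1.okstate.edu.
     IN NS    dns2.okstate.edu.
@    IN {apex}
www  IN CNAME web27.okstate.edu.
"""
SHARED_ZONE = ZONE_TEMPLATE.format(apex="A     192.0.2.10")
# The same file with a CNAME at the apex instead of an A record.
APEX_CNAME_ZONE = ZONE_TEMPLATE.format(apex="CNAME web27.okstate.edu.")

# Record types this simplified parser accepts (DNSSEC types are not modelled).
TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "SRV"}


def absolute(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    origin = origin.rstrip(".").lower() + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name.lower()}.{origin}"


def parse_zone(text, origin):
    """Return {owner: set of record types} for one-record-per-line zone text."""
    rrsets = defaultdict(set)
    owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():                  # owner name in column one
            owner = absolute(fields.pop(0), origin)
        if owner is None:
            raise ValueError("first record has no owner name")
        # Skip the optional TTL and class that precede the type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if not fields or fields[0].upper() not in TYPES:
            raise ValueError(f"unsupported record: {raw!r}")
        rrsets[owner].add(fields[0].upper())
    return dict(rrsets)


def cname_conflicts(rrsets):
    """Owners where a CNAME shares the name with any other record type."""
    return {owner: sorted(types - {"CNAME"})
            for owner, types in rrsets.items()
            if "CNAME" in types and len(types) > 1}


def check(text, origins):
    """Load the same zone text under each origin and report CNAME conflicts."""
    return {o: cname_conflicts(parse_zone(text, o)) for o in origins}


if __name__ == "__main__":
    origins = ["orange.com", "okistatelab.com"]
    for label, text in (("apex A", SHARED_ZONE), ("apex CNAME", APEX_CNAME_ZONE)):
        for origin, bad in check(text, origins).items():
            print(f"{label:10} {origin:16} {'OK' if not bad else bad}")
```

The conflict reported for the apex CNAME variant lists SOA and NS, which every zone has at its apex; the `www` CNAME passes because nothing else lives at that name.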


Re: Bind 9.7.0-P2 Bus Error - Solaris 9

2010-06-15 Thread b19141
At Mon, 14 Jun 2010 09:06:50 -0500 (CDT),
b19...@anl.gov wrote:

>> This morning on a Solaris 9 system, I issued these commands:

JINMEI Tatuya replied:

> I believe I found the cause of the bug.  Please try the patch copied
> below.

I tested the patch on Solaris 9 and 10, and no core files were
produced.  I tested only this one command:

 dig cnnet.upr.edu +trace

--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory  Phone:+1 (630) 252-7277
9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: bsfin...@anl.gov
Argonne, IL   60439-4828 IBMMAIL:  I1004994


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread Mark Andrews

In message , John Marshall writes:
> On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> >
> > So what was in config.log?  With libgssapi_krb5 you are trying to link
> > against MIT kerberos.
> 
> Sorry, s/_krb5// (Heimdal)
> 
> The config.log is here, and seems convinced about using /usr/local.
> 
>   

Well you have two three versions of gssapi installed.  Two in /usr
(MIT + Heimdal) and one in /usr/local and configure is just not written
to cope with that.  MIT and Heimdal require different sets of libraries
and the code that attempts to work that all out matched the MIT code in
/usr before it tests the Heimdal code in /usr/local.  I think this
requires hand tweaking post configure.

> -- 
> John Marshall
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread John Marshall
On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote:
> 
> In message , John Marshall writes:
> > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> > >
> > > So what was in config.log?  With libgssapi_krb5 you are trying to link
> > > against MIT kerberos.
> > 
> > Sorry, s/_krb5// (Heimdal)
> > 
> > The config.log is here, and seems convinced about using /usr/local.
> > 
> >   
> 
> Well you have two three versions of gssapi installed.  Two in /usr
> (MIT + Heimdal) and one in /usr/local and configure is just not written
> to cope with that.  MIT and Heimdal require different sets of libraries
> and the code that attempts to work that all out matched the MIT code in
> /usr before it tests the Heimdal code in /usr/local.  I think this
> requires hand tweaking post configure.

I guess what we're seeing is a "feature" of the way FreeBSD integrates
Heimdal into its base system: it unbundles libgssapi into its component
parts (libgssapi_krb5, _ntlm, _spnego).  There is no MIT Kerberos on the
system, just FreeBSD's "port" of Heimdal into its base system.  Kerberos
in FreeBSD 8.n is Heimdal 1.1.0 (split into component libraries in
/usr/lib as described above).  I also installed Heimdal 1.3.3 (un-hacked
- all one libgssapi.so) into /usr/local/lib so that I could try linking
BIND against it.

Now that I think I understand what is happening, is it worth asking
somebody who understands the workings of configure to teach it that
(irrespective of library names) the FreeBSD base system uses Heimdal?
Maybe not.  In any case, pointers as to which file(s) to hack
post-configure would be appreciated.

Thank you for your help.

-- 
John Marshall


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread Mark Andrews

In message <20100615233907.gd1...@rwpc12.mby.riverwillow.net.au>, John Marshall writes:
> On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote:
> > 
> > In message , John Marshall writes:
> > > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> > > >
> > > > So what was in config.log?  With libgssapi_krb5 you are trying to link
> > > > against MIT kerberos.
> > > 
> > > Sorry, s/_krb5// (Heimdal)
> > > 
> > > The config.log is here, and seems convinced about using /usr/local.
> > > 
> > >   
> > 
> > Well you have two three versions of gssapi installed.  Two in /usr
> > (MIT + Heimdal) and one in /usr/local and configure is just not written
> > to cope with that.  MIT and Heimdal require different sets of libraries
> > and the code that attempts to work that all out matched the MIT code in
> > /usr before it tests the Heimdal code in /usr/local.  I think this
> > requires hand tweaking post configure.
> 
> I guess what we're seeing is a "feature" of the way FreeBSD integrates
> Heimdal into its base system: it unbundles libgssapi into its component
> parts (libgssapi_krb5, _ntlm, _spnego).  There is no MIT Kerberos on the
> system, just FreeBSD's "port" of Heimdal into its base system.  Kerberos
> in FreeBSD 8.n is Heimdal 1.1.0 (split into component libraries in
> /usr/lib as described above).  I also installed Heimdal 1.3.3 (un-hacked
> - all one libgssapi.so) into /usr/local/lib so that I could try linking
> BIND against it.

libgssapi_krb5 is from MIT Kerberos.

% grep gssapi /usr/ports/security/heimdal/pkg-plist
include/gssapi.h
include/gssapi/gkrb5_err.h
include/gssapi/gssapi.h
include/gssapi/gssapi_krb5.h
include/gssapi/gssapi_spnego.h
lib/libgssapi.a
lib/libgssapi.la
lib/libgssapi.so
lib/libgssapi.so.2
@dirrm include/gssapi
% grep gssapi /usr/ports/security/krb5/pkg-plist 
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth_gssapi.h
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
@dirrm include/gssapi
% grep gssapi /usr/ports/security/krb5-16/pkg-plist
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth_gssapi.h
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
@dirrm include/gssapi
%

 
> Now that I think I understand what is happening, is it worth asking
> somebody who understands the workings of configure to teach it that
> (irrespective of library names) the FreeBSD base system uses Heimdal?
> Maybe not.  In any case, pointers as to which file(s) to hack
> post-configure would be appreciated.
> 
> Thank you for your help.
> 
> -- 
> John Marshall
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread Mark Andrews

In message <20100615233907.gd1...@rwpc12.mby.riverwillow.net.au>, John Marshall writes:
> On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote:
> > 
> > In message , John Marshall writes:
> > > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote:
> > > >
> > > > So what was in config.log?  With libgssapi_krb5 you are trying to link
> > > > against MIT kerberos.
> > > 
> > > Sorry, s/_krb5// (Heimdal)
> > > 
> > > The config.log is here, and seems convinced about using /usr/local.
> > > 
> > >   
> > 
> > Well you have two three versions of gssapi installed.  Two in /usr
> > (MIT + Heimdal) and one in /usr/local and configure is just not written
> > to cope with that.  MIT and Heimdal require different sets of libraries
> > and the code that attempts to work that all out matched the MIT code in
> > /usr before it tests the Heimdal code in /usr/local.  I think this
> > requires hand tweaking post configure.
> 
> I guess what we're seeing is a "feature" of the way FreeBSD integrates
> Heimdal into its base system: it unbundles libgssapi into its component
> parts (libgssapi_krb5, _ntlm, _spnego).  There is no MIT Kerberos on the
> system, just FreeBSD's "port" of Heimdal into its base system.  Kerberos
> in FreeBSD 8.n is Heimdal 1.1.0 (split into component libraries in
> /usr/lib as described above).  I also installed Heimdal 1.3.3 (un-hacked
> - all one libgssapi.so) into /usr/local/lib so that I could try linking
> BIND against it.
> 
> Now that I think I understand what is happening, is it worth asking
> somebody who understands the workings of configure to teach it that
> (irrespective of library names) the FreeBSD base system uses Heimdal?
> Maybe not.  In any case, pointers as to which file(s) to hack
> post-configure would be appreciated.

configure sets these.

lib/isc/include/isc/platform.h:
AC_SUBST(ISC_PLATFORM_HAVEGSSAPI)
AC_SUBST(ISC_PLATFORM_GSSAPIHEADER)
AC_SUBST(ISC_PLATFORM_KRB5HEADER)

lib/dns/Makefile:
bin/*/Makefile:
AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)

> 
> Thank you for your help.
> 
> -- 
> John Marshall
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread John Marshall
On Wed, 16 Jun 2010, 10:06 +1000, Mark Andrews wrote:
> 
>   libgssapi_krb5 is from MIT Kerberos.

...and from FreeBSD's implementation of Heimdal

rwsrv05> cat /usr/src/kerberos5/include/version.h
/* $FreeBSD: src/kerberos5/include/version.h,v 1.15.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $ */
const char *heimdal_long_version = "@(#)$Version: Heimdal 1.1.0 (FreeBSD) $";
const char *heimdal_version = "Heimdal 1.1.0";

rwsrv05> find /usr/src/kerberos5 -name libgssapi\*
/usr/src/kerberos5/lib/libgssapi_krb5
/usr/src/kerberos5/lib/libgssapi_ntlm
/usr/src/kerberos5/lib/libgssapi_spnego

-- 
John Marshall


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread Mark Andrews

In message <20100616004753.ge1...@rwpc12.mby.riverwillow.net.au>, John Marshall writes:
> On Wed, 16 Jun 2010, 10:06 +1000, Mark Andrews wrote:
> > 
> > libgssapi_krb5 is from MIT Kerberos.
> 
> ...and from FreeBSD's implementation of Heimdal
> 
> rwsrv05> cat /usr/src/kerberos5/include/version.h
> /* $FreeBSD: src/kerberos5/include/version.h,v 1.15.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $ */
> const char *heimdal_long_version = "@(#)$Version: Heimdal 1.1.0 (FreeBSD) $";
> const char *heimdal_version = "Heimdal 1.1.0";
> 
> rwsrv05> find /usr/src/kerberos5 -name libgssapi\*
> /usr/src/kerberos5/lib/libgssapi_krb5
> /usr/src/kerberos5/lib/libgssapi_ntlm
> /usr/src/kerberos5/lib/libgssapi_spnego
> 
> -- 
> John Marshall

Which means ports doesn't mask the system files.  Who permitted this idiocy.

The alternative is to edit configure.in to only have the libraries in
the port version where configure checks for which set of libraries needed
and run autoheader + autoconf followed by configure.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

2010-06-15 Thread John Marshall
On Wed, 16 Jun 2010, 11:04 +1000, Mark Andrews wrote:
> The alternative is to edit configure.in to only have the libraries in
> the port version where configure checks for which set of libraries needed
> and run autoheader + autoconf followed by configure.

Thanks.  configure.in looks like the place to spend my time.  It
includes helpful comments about /usr vs /usr/local and KTH vs MIT.

-- 
John Marshall