Skip to content

BIND (master) does not work with krb5 1.18 (NegoEx)

Current master does not work with krb5 1.18 (released in February 2020) - nsupdate and tsiggss system tests are consistently failing. git bisect claims that an upstream commit implementing NegoEx) is the culprit.

This is only an issue for master as we do not use krb5's SPNEGO mechanism in any other branch. Older branches either use an internal SPNEGO implementation or no SPNEGO mechanism at all when --disable-isc-spnego is used.

Out of all our Docker images, only the Tumbleweed one has krb5 1.18, though - as luck would have it - the krb5-devel package there installs krb5-config into a custom prefix (/usr/lib/mit), which prevents BIND's ./configure from autodetecting it and thus BIND builds on Tumbleweed lack GSSAPI support altogether. I will push a branch shortly which fixes this so that the breakage can be demonstrated in CI.

I cannot say I understand GSSAPI, so this needs attention from someone who does.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information