[CentOS] Install Bind with gss-spnego enabled

Thu Apr 16 22:03:54 UTC 2015
James Hogarth <james.hogarth at gmail.com>

On 16 Apr 2015 14:29, "Johnny Hughes" <johnny at centos.org> wrote:
>
> On 04/16/2015 06:33 AM, Mike wrote:
> > Hi Johnny,
> >
> > Thank you for your response.  I thought to choose the sernet package
> > because of the following stated in Samba Readme:
> >
> > Samba packages shipped in some distributions like e. g. Fedora, RHEL may
> > not be able to be used as Samba AD DC, because the distribution relies
on
> > MIT Kerberos which isn't supported by Samba yet. In this case build
Samba
> > yourself or use the packages from SerNet or other reliable sources.
> >
> > I do want to use samba as an AD DC.
> > Does the above not apply to CentOS distro?
> >
> > Thanks for reading.
> > On Apr 16, 2015 4:35 AM, "Johnny Hughes" <johnny at centos.org> wrote:
> >
> >> On 04/16/2015 12:53 AM, Mike wrote:
> >>> CentOS 7.1503 installed.
> >>> Installed Samba 4 from sernet: Version 4.1.17-SerNet-RedHat-11.el7
(to be
> >>> configured).
> >>>
> >>> The samba wiki Readme First page states, "Some distributions like . .
.
> >> Red
> >>> Hat Enterprise Linux (and clones), ship BIND9 packages with disabled
> >>> GSS-SPNEGO option, which is required for signed DNS updates when using
> >> BIND
> >>> as DNS backend on your Samba DC. This circumstance requires to self
> >> compile
> >>> BIND9."
> >>>
> >>> Is there any way to use a yum command to install Bind9 with gss-spnego
> >>> enabled?
> >>>

This was required for kerberos secured updates prior to el7.1 and el6.6 ...

The problem in the underlying kerberos libraries was resolved so that
kerberos based updates worked with gss again and spnego doesn't need to be
compiled in.