On Thu, Apr 16, 2015 at 6:03 PM, James Hogarth <james.hogarth at gmail.com> wrote: > This was required for kerberos secured updates prior to el7.1 and el6.6 ... > > The problem in the underlying kerberos libraries was resolved so that > kerberos based updates worked with gss again and spnego doesn't need to be > compiled in. > _______________________________________________ > James, thank you for your reply. This sounds like good news for me; I can stay planted in the accepted CentOS repo. biosphere. | | | | | | | | | | | | | | | I installed bind-9.9.4 package from the CentOS repo. I've been reading the Changes and Readme file but don't see where this issue is addressed. Can you point me to the centOS announcements or release notes that deal with the bind package and gss-spnego. I'd like to try to understand and possibly aggregate the right info to send to the samba wiki maintainers. | | | | | | | | | | | | | | | | | | | | | | | | | named -V on the installed package produces: BIND 9.9.4-RedHat-9.9.4-18.el7_1.1 (Extended Support Version) <id:8f9657aa> built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' <<<SNIP>>> '--with-gssapi=yes' '--disable-isc-spnego' using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013 using libxml2 version: 2.9.1 END Does the above output show that gss-spnego is actually enabled? Thanks for your help.