From: Rick Macklem
Date: Mon, 26 Oct 2009 11:31:37 -0400 (EDT)
To: "b. f."
Cc: freebsd-current@FreeBSD.org, john.marshall@riverwillow.com.au
Subject: Re: Kernel Build Knob for kgssapi_krb5?

On Mon, 26 Oct 2009, b. f. wrote:

>> Is there a knob somewhere to enable building of the kgssapi_krb5 module?
>>
>
> I don't see any for the module -- Doug Rabson doesn't seem to have
> added it to /usr/src/sys/modules/Makefile in r184588:
>
> http://svn.freebsd.org/viewvc/base?view=revision&revision=184588
>
> And I see that it has some implicit dependencies, like INET6, so the
> kinks have not been ironed out of this portion of the code. You could
> try:
>
> cd /usr/src/sys/modules/kgssapi_krb5 && make obj && make depend &&
> make && make install
>
At this point, both the regular nfs and experimental nfs subsystems only
know to use the gssapi stuff if they're built with
    options KGSSAPI
in the kernel config. I've never tried to build it as a module, but I
do know it needs:
    device crypto

>> I have just built 8.0-RC2/i386 and decided to have a look at the
>> (experimental) NFSv4 stuff. I included options NFSD and NFSCL in my
>> kernel configuration. nfsd(8) indicates that gssd(8) has to be running
>> in order for the server to provide gss/krb5 access control. If I try
>> starting gssd(8) it complains of a missing kgssapi_krb5 kernel module.
>> The module hasn't been built. I've checked the GENERIC and NOTES files
>> and can't find any reference to kgssapi_krb5. Is there an undocumented
>> configuration option for this?
>>
>> Also, is there a "getting started" or "how to test" page somewhere to
>> give us some clues to get this going?
>
> See the commit message mentioned above. Also, the primary author,
> Rick Macklem, has a tutorial:
>
> http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
>
Just fyi, although I can't avoid blame for the NFSD/NFSCL code, I wasn't
the author of the Kernel GSSAPI code, just a happy user.

Hopefully you'll find the wiki page useful. Feel free to add things to
it and/or email me with changes.

rick