From owner-freebsd-current@FreeBSD.ORG  Tue Oct 27 02:31:34 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B97D8106566B
	for <freebsd-current@freebsd.org>; Tue, 27 Oct 2009 02:31:34 +0000 (UTC)
	(envelope-from john.marshall@riverwillow.com.au)
Received: from mail1.riverwillow.net.au (mail1.riverwillow.net.au
	[203.58.93.36]) by mx1.freebsd.org (Postfix) with ESMTP id 395D58FC18
	for <freebsd-current@freebsd.org>; Tue, 27 Oct 2009 02:31:33 +0000 (UTC)
Received: from rwpc12.mby.riverwillow.net.au (rwpc12.mby.riverwillow.net.au
	[172.25.24.168]) (authenticated bits=0)
	by mail1.riverwillow.net.au (8.14.3/8.14.3) with ESMTP id
	n9R2VKPk058182
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 27 Oct 2009 13:31:21 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=riverwillow.com.au;
	s=m1001; t=1256610681;
	bh=Z99jKm9fCdSxMvuwna0/pMCoVqvU19zKEoGwONKduH0=;
	h=Date:From:To:Cc:Subject:Message-ID:References:Mime-Version:
	Content-Type:In-Reply-To;
	b=F4/JpPHFJ1l4LeDIe9plRVj3RszBSmf2h/l5XxXXgNELtHrpCXB/wF2/1QMcp6wvZ
	H9wrnzicXM6COZcF+CBHV9kJgS6PbV1BjY+Nw5PrmsnFyJsZiUvDJ4XYKw7UW4GSRY
	ZwnhUHeswZSsM4BvbT01lZZmzzP6jYSkGEOtYzs0=
Received: from rwpc12.mby.riverwillow.net.au (localhost [127.0.0.1])
	by rwpc12.mby.riverwillow.net.au (8.14.3/8.14.3) with ESMTP id
	n9R2VJY9053207; Tue, 27 Oct 2009 13:31:19 +1100 (AEDT)
	(envelope-from john.marshall@riverwillow.com.au)
Received: (from john@localhost)
	by rwpc12.mby.riverwillow.net.au (8.14.3/8.14.3/Submit) id
	n9R2VI7t053206; Tue, 27 Oct 2009 13:31:18 +1100 (AEDT)
	(envelope-from john)
Date: Tue, 27 Oct 2009 13:31:18 +1100
From: John Marshall <john.marshall@riverwillow.com.au>
To: Rick Macklem <rmacklem@uoguelph.ca>
Message-ID: <20091027023118.GD1064@rwpc12.mby.riverwillow.net.au>
Mail-Followup-To: Rick Macklem <rmacklem@uoguelph.ca>,
	"b. f." <bf1783@googlemail.com>, freebsd-current@freebsd.org
References: <d873d5be0910252316t46286a84g1e366d9891939027@mail.gmail.com>
	<Pine.GSO.4.63.0910261125360.28663@muncher.cs.uoguelph.ca>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="nmemrqcdn5VTmUEE"
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.63.0910261125360.28663@muncher.cs.uoguelph.ca>
User-Agent: Mutt/1.4.2.3i
OpenPGP: id=A29A84A2; url=http://pki.riverwillow.net.au/pgp/johnmarshall.asc
Cc: freebsd-current@freebsd.org, "b. f." <bf1783@googlemail.com>
Subject: Re: Kernel Build Knob for kgssapi_krb5?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2009 02:31:34 -0000


--nmemrqcdn5VTmUEE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, 26 Oct 2009, 11:31 -0400, Rick Macklem wrote:
> On Mon, 26 Oct 2009, b. f. wrote:
> >>Is there a knob somewhere to enable building of the kgssapi_krb5 module?
> >
> >I don't see any for the module -- Doug Rabson doesn't seem to have
> >added it to /usr/src/sys/modules/Makefile in r184588:
> >
> >http://svn.freebsd.org/viewvc/base?view=3Drevision&revision=3D184588
> >
> >And I see that it has some implicit dependencies, like INET6, so the
> >kinks have not been ironed out of this portion of the code.  You could
> >try:
> >
> >cd /usr/src/sys/modules/kgssapi_krb5 && make obj && make depend &&
> >make && make install
>=20
> At this point, both the regular nfs and experimental nfs subsystems
> only know to use the gssapi stuff if they're built with
> options KGSSAPI
> in the kernel config.
>=20
> I've never tried to build it as a module, but I do know it needs:
> device crypto

I didn't try building as a separate kernel module but configuring it in
the kernel with 'options KGSSAPI' and 'device crypto' worked for me.
The kernel build didn't complain that I don't have INET6 included.

> >>Also, is there a "getting started" or "how to test" page somewhere to
> >>give us some clues to get this going?
> >
> >http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
> >
> Just fyi, although I can't avoid blame for the NFSD/NFSCL code, I
> wasn't the author of the Kernel GSSAPI code, just a happy user.
>=20
> Hopefully you'll find the wiki page useful. Feel free to add things
> to it and/or email me with changes.

Thank you!  Might I suggest that a link to this work from the FreeBSD
wiki and the 8.0 Release Notes would be a good idea?  More people are
going to want to know how to go about using/testing this now that it is
included in a release.

--=20
John Marshall

--nmemrqcdn5VTmUEE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)

iEYEARECAAYFAkrmW3YACgkQw/tAaKKahKLWvwCdFCQVJvmRuX57N9oFB11esHaO
SMYAn2iQkUzHbvWTbhOGxCE79nnGEjMq
=2Mj6
-----END PGP SIGNATURE-----

--nmemrqcdn5VTmUEE--