Date: Wed, 8 Feb 2012 20:41:35 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: Benjamin Kaduk <kaduk@MIT.EDU> Cc: freebsd-hackers@freebsd.org, Ansar Mohammed <ansarm@gmail.com> Subject: Re: Kerberos and FreeBSD Message-ID: <487167524.1045003.1328751695510.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <alpine.GSO.1.10.1202081139340.882@multics.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Benjamin Kaduk wrote:
> On Wed, 8 Feb 2012, Ansar Mohammed wrote:
>=20
> > Hello All,
> > Is the port of Heimdal on FreeBSD being maintained? The version that
> > ships with 9.0 seems a bit old.
> >
> > #> /usr/libexec/kdc-v
> > kdc (Heimdal 1.1.0)
> > Copyright 1995-2008 Kungliga Tekniska H=C3=B6gskolan
> > Send bug-reports to heimdal-bugs@h5l.org
>=20
> My understanding is that every five years or so, someone becomes fed
> up
> enough with the staleness of the "current" version and puts in the
> effort
> to merge in a newer version.
> It looks like 3 years ago, dfr brought in that Heimdal 1.1 you see, to
> replace the Heimdal 0.6 that nectar brought in 8 years ago.
> I don't know of anyone with active plans to bring in a new version, at
> present.
>=20
> -Ben Kaduk
>=20
I think it's a little trickier than it sounds. The Kerberos in FreeBSD
isn't vanilla Heimdal 1.1, but a somewhat modified variant.
Heimdal libraries have a separate source file for each function, plus
a source file that defines all global storage used by functions in the
library.
One difference w.r.t. the FreeBSD variant that I am aware of is:
- Some of the functions were moved from one library to another. (I don't
know why, but maybe it was to avoid a POLA violation which would require
apps to be linked with additional libraries?)
- To do this, some global variables were added to the source file in the
library these functions were moved to.
As such, if you statically link an app. to both libraries, the global varia=
ble
can come up "multiply defined". (I ran into this when I was developing a "g=
ssd"
prior to the one introduced as part of the kernel rpc.) You can get around =
this
by dynamically linking, being careful about the order in which the librarie=
s are
specified. (The command "krb5-config --libs" helps w.r.t. this.)
I don't know what else was changed, but I do know that it isn't as trivial =
as
replacing the sources with ones from a newer Heimdal release.
I think it would be nice if a newer Heimdal release was brought it, with th=
e
minimal changes required to make it work. (If that meant that apps. needed =
more
libraries, the make files could use "krb5-config --libs" to handle it, I th=
ink?)
Oh, and I'm not volunteering to try and do it;-) rick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?487167524.1045003.1328751695510.JavaMail.root>