Date: Fri, 8 Aug 2008 10:29:25 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: Doug Rabson <dfr@rabson.org> Cc: freebsd-fs@freebsd.org, =?utf-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no> Subject: Re: Which GSSAPI library does FreeBSD use? Message-ID: <Pine.GSO.4.63.0808081024570.17789@muncher.cs.uoguelph.ca> In-Reply-To: <Pine.GSO.4.63.0808071959400.7663@muncher.cs.uoguelph.ca> References: <Pine.GSO.4.63.0807161832470.5025@muncher.cs.uoguelph.ca> <86myk06e18.fsf@ds4.des.no> <Pine.GSO.4.63.0807291020260.12515@muncher.cs.uoguelph.ca> <326AF658-D96D-4410-9E32-0001FF8264AA@rabson.org> <Pine.GSO.4.63.0808071959400.7663@muncher.cs.uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 7 Aug 2008, Rick Macklem wrote: > > > On Mon, 4 Aug 2008, Doug Rabson wrote: >> >> Try using current - I updated heimdal to 1.1 in current. >> >> The GSS-API implementation in 7.x and current is a plugin system which >> heimdal's krb5 code plugs into as a GSS-API mechanism provider. With >> heimdal 1.1, it also supports spnego and ntlm as plugins. >> > Well, vanilla Heimdal-1.1 seems to work fine. However, when I try to link > to the libraries in FreeBSD-CURRENT, I get a bunch of multiply defined > globals, because it gets both external.o and gss_names.o, out of > libgssapi.a and libgssapi_krb5.a respectively. > Oops, spoke too soon. It worked for a mount last night, but couldn't re-acquire fresh credentials this morning. (There are slightly different problems with Heimdal-0.8 and Heimdal-1.1, but they both seem related to getting a TGT via the keytab entry.) I'm going to try contacting the Heimdal folks. (In the meantime, I'm back to Heimdal-0.7 which works fine.) If you're doing RPCSEC_GSS for the NLM, you are probably going to want this to work too. (Solaris uses a keytab entry with root/<client-host>.<dns-domain>@<DEFAULT.REALM> in it for root accesse.) rick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.63.0808081024570.17789>