From owner-freebsd-fs@FreeBSD.ORG  Fri Aug  8 14:18:08 2008
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Delivered-To: freebsd-fs@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 02DDB1065670
	for <freebsd-fs@freebsd.org>; Fri,  8 Aug 2008 14:18:08 +0000 (UTC)
	(envelope-from rmacklem@uoguelph.ca)
Received: from aeryn.cs.uoguelph.ca (aeryn.cs.uoguelph.ca [131.104.20.160])
	by mx1.freebsd.org (Postfix) with ESMTP id B04FB8FC13
	for <freebsd-fs@freebsd.org>; Fri,  8 Aug 2008 14:18:07 +0000 (UTC)
	(envelope-from rmacklem@uoguelph.ca)
Received: from muncher.cs.uoguelph.ca (muncher.cs.uoguelph.ca [131.104.91.102])
	by aeryn.cs.uoguelph.ca (8.13.1/8.13.1) with ESMTP id m78EI4sp027966;
	Fri, 8 Aug 2008 10:18:04 -0400
Received: from localhost (rmacklem@localhost)
	by muncher.cs.uoguelph.ca (8.11.7p3+Sun/8.11.6) with ESMTP id
	m78ETPG17936; Fri, 8 Aug 2008 10:29:25 -0400 (EDT)
X-Authentication-Warning: muncher.cs.uoguelph.ca: rmacklem owned process doing
	-bs
Date: Fri, 8 Aug 2008 10:29:25 -0400 (EDT)
From: Rick Macklem <rmacklem@uoguelph.ca>
X-X-Sender: rmacklem@muncher.cs.uoguelph.ca
To: Doug Rabson <dfr@rabson.org>
In-Reply-To: <Pine.GSO.4.63.0808071959400.7663@muncher.cs.uoguelph.ca>
Message-ID: <Pine.GSO.4.63.0808081024570.17789@muncher.cs.uoguelph.ca>
References: <Pine.GSO.4.63.0807161832470.5025@muncher.cs.uoguelph.ca>
	<86myk06e18.fsf@ds4.des.no>
	<Pine.GSO.4.63.0807291020260.12515@muncher.cs.uoguelph.ca>
	<326AF658-D96D-4410-9E32-0001FF8264AA@rabson.org>
	<Pine.GSO.4.63.0808071959400.7663@muncher.cs.uoguelph.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Scanned-By: MIMEDefang 2.63 on 131.104.20.161
Cc: freebsd-fs@freebsd.org,
	=?utf-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no>
Subject: Re: Which GSSAPI library does FreeBSD use?
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
	<mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
	<mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2008 14:18:08 -0000



On Thu, 7 Aug 2008, Rick Macklem wrote:

>
>
> On Mon, 4 Aug 2008, Doug Rabson wrote:
>> 
>> Try using current - I updated heimdal to 1.1 in current.
>> 
>> The GSS-API implementation in 7.x and current is a plugin system which 
>> heimdal's krb5 code plugs into as a GSS-API mechanism provider. With 
>> heimdal 1.1, it also supports spnego and ntlm as plugins.
>> 
> Well, vanilla Heimdal-1.1 seems to work fine. However, when I try to link
> to the libraries in FreeBSD-CURRENT, I get a bunch of multiply defined
> globals, because it gets both external.o and gss_names.o, out of
> libgssapi.a and libgssapi_krb5.a respectively.
>
Oops, spoke too soon. It worked for a mount last night, but couldn't
re-acquire fresh credentials this morning. (There are slightly different
problems with Heimdal-0.8 and Heimdal-1.1, but they both seem related to
getting a TGT via the keytab entry.) I'm going to try contacting the
Heimdal folks. (In the meantime, I'm back to Heimdal-0.7 which works 
fine.)

If you're doing RPCSEC_GSS for the NLM, you are probably going to want 
this to work too. (Solaris uses a keytab entry with
root/<client-host>.<dns-domain>@<DEFAULT.REALM> in it for root accesse.)

rick