Date: Sun, 7 Jan 2018 13:08:02 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Garrett Wollman <wollman@bimajority.org>
Cc: freebsd-fs@freebsd.org
Subject: Re: Anyone managed to build a static gssd?
Message-ID: <20180107190802.GD25484@kduck.kaduk.org>
In-Reply-To: <23121.48634.348216.421634@hergotha.csail.mit.edu>
References: <23121.48634.348216.421634@hergotha.csail.mit.edu>

On Sun, Jan 07, 2018 at 01:28:10AM -0500, Garrett Wollman wrote:
> I'm interested in experimenting with GSSAPI security for NFS mounts,
> but we run MIT Kerberos, not Heimdal.  AIUI, the kernel code has to
> have the same data structures as the userland code in gssd, which
> implies that gssd has to be built against Heimdal libraries, not MIT.

I think you might want to test that hypothesis experimentally -- both
Heimdal and MIT have gss_export_lucid_sec_context() that generate the
gss_krb5_lucid_context_v1_t data type, which seems to be defined
identically between them.  AIUI, this "lucid" (i.e., non-opaque) type
is what is used for sending the GSS information into the kernel.

-Ben

> Has anyone managed to build a gssd executable that is linked
> statically against all the Heimdal libraries?  I attempted to do this
> (in a chroot initialized with stock 11.1) but ended up with something
> that still tries to dlopen libgssapi.so.10, which obviously isn't
> going to work.