Date: Sat, 02 Aug 2025 13:33:03 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-current@freebsd.org, Rick Macklem <rick.macklem@gmail.com>, FreeBSD CURRENT <freebsd-current@freebsd.org>, Gleb Smirnoff <glebius@freebsd.org>, Benjamin Kaduk <bjkfbsd@gmail.com> Subject: Re: kgssapi and gssd patches for MIT's Kerberos Message-ID: <447F3CFA-E4B8-4283-ACB5-DFE571F00554@cschubert.com> In-Reply-To: <CAM5tNy6kRjUeJUZwmWSnC_kupAaKrqxn5aXR76p_CtWFEu9bvQ@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
There is also a review in phabricator to switch the gssapi from lib/libgssapi to the MIT provided gssapi as a companion to the patches in this thread. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0 Pardon the typos. Tiny keyboard in use. On August 1, 2025 5:21:40 p.m. PDT, Rick Macklem <rick.macklem@gmail.com> wrote: >Hi, > >The discussion seems to have not had a mailing list on it, >so here's what I posted. > >Maybe some others can do testing (or take a look at them)? > >Well, here's patches for testing. They are still kinda rough, >but I'll be cleaning them up in the coming days and putting >them in phabricator. > >They are attached and can also be found here... >https://people.freebsd.org/~rmacklem/gssd.patch >https://people.freebsd.org/~rmacklem/kgssapi.patch > >To make it work, I did.. ># pkg install krb5 >--> The libraries in /usr/lib are broken, at least in the one > week old snapshot I am using for testing. ># cp /usr/include/gssapi_krb5/gssapi/gssapi.h /usr/include/gssapi >--> So that the correct (MIT) gssapi.h is in /usr/include/gssapi. > >Then after patching and building, I go into... >/usr/obj/usr/src/amd64.amd64/usr.sbin/gssd >and then I re-link gssd with >cc -o gssd -L/usr/local/lib gssd.pieo gssd_prot.pieo gssd_svc.pieo >gssd_xdr.pieo -lkrb5 -lk5crypto -lkrb5profile -lkrb5support >-lgssapi_krb5 >and then ># cp gssd /usr/sbin > >You might be able to just add "-L/usr/local/lib" to the gssd Makefile, >but I didn't feel like messing with it. > >It now seems to be working ok, using a pre-MIT Heimdal 1.5.2 kdc >and pre-MIT system. (I have not yet done any testing with non-FreeBSD >systems. I have Solaris 11.4 and a fairly recent 6.12 kernel based Debian, >but I haven't set either up for Kerberos.) > >Good luck with testing, rick >ps: I'll post when cleaner patches are on phabricator.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?447F3CFA-E4B8-4283-ACB5-DFE571F00554>