[PATCH] SASL problems with spnego on 8.0-BETA4
John Baldwin
john at baldwin.cx
Fri Oct 2 12:38:07 UTC 2009
On Friday 02 October 2009 4:13:19 am John Marshall wrote:
> On Tue, 22 Sep 2009, 08:22 +1000, John Marshall wrote:
> > On Mon, 21 Sep 2009, 11:26 -0400, Rick Macklem wrote:
> > > On Mon, 21 Sep 2009, George Mamalakis wrote:
> > >
> [snip]
> > > >>
> > > >>SUCCESS!
> > > >>
> > > >>So, this fix obviates THAT reason for installing the Heimdal port. If
> > > >>George meets with similar success adding -lgssapi_spnego for his
spnego
> > > >>problem, I suggest that both libraries be added to the list in line 96
> > > >>of /usr/bin/krb5-config prior to release of FreeBSD 8.0.
> > > >>
> [snip]
> > > >>
> > > >>krb5-config. It looks like magic needs to happen somewhere in the
base
> > > >>kerberos build system.
> > > >>
> > > >>I notice that the Heimdal port doesn't build the separate libraries
and
> > > >>everything seems to be included in libgssapi (which explains why sasl2
> > > >>"works" when linked against the Heimdal port).
> > > >>
> > > >
> > > >I changed my /usr/bin/krb5-config's line 96 to include -lgssapi_spnego
and
> > > >-lgssapi_krb5, and ever since both client and server work correctly!!
Of
> > > >course I get some other error, but at least this must be a
configuration
> > > >error :).
> > > >
> [snip]
> > > >
> > > Now, hopefully someone who understands enough about dynamic linking will
> > > know if this is the correct fix for 8.0? (I'm going on a couple of weeks
> > > vacation at the end of this week, so I won't be around to commit
anything
> > > and don't understand it well enough to know if this is the correct way
> > > to fix it.)
> > >
> > > So, hopefully someone else can pick this one up?
> > >
> > > Thanks for testing it, rick
> >
> > Thanks Rick for your very valuable guidance on this problem. Have a
> > great vacation!
> >
> > I have submitted a patch to the FreeBSD Makefile which patches the
> > vendor-supplied template for krb5-config. I should be grateful if dfr@
> > or another src committer would please review this with a view to
> > obtaining re@ approval to commit it before 8.0-RC2.
> >
> > <http://www.freebsd.org/cgi/query-pr.cgi?pr=139037>
>
> Any src committers able to help with this?
Hmmm, I thought that libgssapi was supposed to use dlopen to load the proper
back-end libraries using /etc/gss/mech rather than having applications
directly link against them.
--
John Baldwin
More information about the freebsd-current
mailing list