kgssapi and gssd patches for MIT's Kerberos
- Reply: Cy Schubert : "Re: kgssapi and gssd patches for MIT's Kerberos"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 02 Aug 2025 00:21:40 UTC
Hi,
The discussion seems to have not had a mailing list on it,
so here's what I posted.
Maybe some others can do testing (or take a look at them)?
Well, here's patches for testing. They are still kinda rough,
but I'll be cleaning them up in the coming days and putting
them in phabricator.
They are attached and can also be found here...
https://people.freebsd.org/~rmacklem/gssd.patch
https://people.freebsd.org/~rmacklem/kgssapi.patch
To make it work, I did..
# pkg install krb5
--> The libraries in /usr/lib are broken, at least in the one
week old snapshot I am using for testing.
# cp /usr/include/gssapi_krb5/gssapi/gssapi.h /usr/include/gssapi
--> So that the correct (MIT) gssapi.h is in /usr/include/gssapi.
Then after patching and building, I go into...
/usr/obj/usr/src/amd64.amd64/usr.sbin/gssd
and then I re-link gssd with
cc -o gssd -L/usr/local/lib gssd.pieo gssd_prot.pieo gssd_svc.pieo
gssd_xdr.pieo -lkrb5 -lk5crypto -lkrb5profile -lkrb5support
-lgssapi_krb5
and then
# cp gssd /usr/sbin
You might be able to just add "-L/usr/local/lib" to the gssd Makefile,
but I didn't feel like messing with it.
It now seems to be working ok, using a pre-MIT Heimdal 1.5.2 kdc
and pre-MIT system. (I have not yet done any testing with non-FreeBSD
systems. I have Solaris 11.4 and a fairly recent 6.12 kernel based Debian,
but I haven't set either up for Kerberos.)
Good luck with testing, rick
ps: I'll post when cleaner patches are on phabricator.