Re: kgssapi and gssd patches for MIT's Kerberos

Reply: Rick Macklem : "Re: kgssapi and gssd patches for MIT's Kerberos"
In reply to: Rick Macklem : "kgssapi and gssd patches for MIT's Kerberos"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Sat, 02 Aug 2025 20:33:03 UTC

There is also a review in phabricator to switch the gssapi from lib/libgssapi to the MIT provided gssapi as a companion to the patches in this thread.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>  Web:  https://FreeBSD.org
NTP:            <cy@nwtime.org>    Web:  https://nwtime.org
                                                    e^(i*pi)+1=0

Pardon the typos. Tiny keyboard in use.

On August 1, 2025 5:21:40 p.m. PDT, Rick Macklem <rick.macklem@gmail.com> wrote:
>Hi,
>
>The discussion seems to have not had a mailing list on it,
>so here's what I posted.
>
>Maybe some others can do testing (or take a look at them)?
>
>Well, here's patches for testing. They are still kinda rough,
>but I'll be cleaning them up in the coming days and putting
>them in phabricator.
>
>They are attached and can also be found here...
>https://people.freebsd.org/~rmacklem/gssd.patch
>https://people.freebsd.org/~rmacklem/kgssapi.patch
>
>To make it work, I did..
># pkg install krb5
>--> The libraries in /usr/lib are broken, at least in the one
>     week old snapshot I am using for testing.
># cp /usr/include/gssapi_krb5/gssapi/gssapi.h /usr/include/gssapi
>--> So that the correct (MIT) gssapi.h is in /usr/include/gssapi.
>
>Then after patching and building, I go into...
>/usr/obj/usr/src/amd64.amd64/usr.sbin/gssd
>and then I re-link gssd with
>cc -o gssd -L/usr/local/lib gssd.pieo gssd_prot.pieo gssd_svc.pieo
>gssd_xdr.pieo -lkrb5 -lk5crypto -lkrb5profile -lkrb5support
>-lgssapi_krb5
>and then
># cp gssd /usr/sbin
>
>You might be able to just add "-L/usr/local/lib" to the gssd Makefile,
>but I didn't feel like messing with it.
>
>It now seems to be working ok, using a pre-MIT Heimdal 1.5.2 kdc
>and pre-MIT system. (I have not yet done any testing with non-FreeBSD
>systems. I have Solaris 11.4 and a fairly recent 6.12 kernel based Debian,
>but I haven't set either up for Kerberos.)
>
>Good luck with testing, rick
>ps: I'll post when cleaner patches are on phabricator.