Which GSSAPI library does FreeBSD use?
Doug Rabson
dfr at rabson.org
Mon Aug 4 13:25:23 UTC 2008
On 29 Jul 2008, at 15:27, Rick Macklem wrote:
>
>
> On Tue, 29 Jul 2008, Dag-Erling Smørgrav wrote:
>
>> Rick Macklem <rmacklem at uoguelph.ca> writes:
>>> Hope this isn't too simplistic for this list, but I need to know
>>> which
>>> GSSAPI library sources are being used. They don't appear to be
>>> either
>>> vanilla MIT nor Heimdal.
>>
>> Homegrown (by Doug Rabson, dfr@) with portions borrowed from Heimdal.
>>
> Ok, thanks. I was able to work around my problem by statically linking
> my gssd against libraries built from vanilla Heimdal sources. It looks
> like it inherited the heimdal-0.6 bug, which ignores the lack of the
> GSS_C_SEQUENCE_FLAG and checks it even if it wasn't specified. This
> breaks the client side of RPCSEC_GSS, since somewhat out-of-order
> Sun RPCs, is normal. (RPCSEC_GSS uses a window of recent seq#s to
> protect against replay attempts.)
>
> Should I email Doug or submit a bug report, to see if someone is
> willing
> to work on fixing this?
Try using current - I updated heimdal to 1.1 in current.
The GSS-API implementation in 7.x and current is a plugin system which
heimdal's krb5 code plugs into as a GSS-API mechanism provider. With
heimdal 1.1, it also supports spnego and ntlm as plugins.
More information about the freebsd-fs
mailing list