Which GSSAPI library does FreeBSD use?

[Rick Macklem]

On Thu, 7 Aug 2008, Rick Macklem wrote:

>
>
> On Mon, 4 Aug 2008, Doug Rabson wrote:
>> 
>> Try using current - I updated heimdal to 1.1 in current.
>> 
>> The GSS-API implementation in 7.x and current is a plugin system which 
>> heimdal's krb5 code plugs into as a GSS-API mechanism provider. With 
>> heimdal 1.1, it also supports spnego and ntlm as plugins.
>> 
> Well, vanilla Heimdal-1.1 seems to work fine. However, when I try to link
> to the libraries in FreeBSD-CURRENT, I get a bunch of multiply defined
> globals, because it gets both external.o and gss_names.o, out of
> libgssapi.a and libgssapi_krb5.a respectively.
>
Oops, spoke too soon. It worked for a mount last night, but couldn't
re-acquire fresh credentials this morning. (There are slightly different
problems with Heimdal-0.8 and Heimdal-1.1, but they both seem related to
getting a TGT via the keytab entry.) I'm going to try contacting the
Heimdal folks. (In the meantime, I'm back to Heimdal-0.7 which works 
fine.)

If you're doing RPCSEC_GSS for the NLM, you are probably going to want 
this to work too. (Solaris uses a keytab entry with
root/<client-host>.<dns-domain>@<DEFAULT.REALM> in it for root accesse.)

rick