Which GSSAPI library does FreeBSD use?
Rick Macklem
rmacklem at uoguelph.ca
Fri Aug 8 14:18:08 UTC 2008
On Thu, 7 Aug 2008, Rick Macklem wrote:
>
>
> On Mon, 4 Aug 2008, Doug Rabson wrote:
>>
>> Try using current - I updated heimdal to 1.1 in current.
>>
>> The GSS-API implementation in 7.x and current is a plugin system which
>> heimdal's krb5 code plugs into as a GSS-API mechanism provider. With
>> heimdal 1.1, it also supports spnego and ntlm as plugins.
>>
> Well, vanilla Heimdal-1.1 seems to work fine. However, when I try to link
> to the libraries in FreeBSD-CURRENT, I get a bunch of multiply defined
> globals, because it gets both external.o and gss_names.o, out of
> libgssapi.a and libgssapi_krb5.a respectively.
>
Oops, spoke too soon. It worked for a mount last night, but couldn't
re-acquire fresh credentials this morning. (There are slightly different
problems with Heimdal-0.8 and Heimdal-1.1, but they both seem related to
getting a TGT via the keytab entry.) I'm going to try contacting the
Heimdal folks. (In the meantime, I'm back to Heimdal-0.7 which works
fine.)
If you're doing RPCSEC_GSS for the NLM, you are probably going to want
this to work too. (Solaris uses a keytab entry with
root/<client-host>.<dns-domain>@<DEFAULT.REALM> in it for root accesse.)
rick
More information about the freebsd-fs
mailing list