Anyone managed to build a static gssd?
Benjamin Kaduk
kaduk at mit.edu
Sun Jan 7 19:13:24 UTC 2018
On Sun, Jan 07, 2018 at 01:28:10AM -0500, Garrett Wollman wrote:
> I'm interesting in experimenting with GSSAPI security for NFS mounts,
> but we run MIT Kerberos, not Heimdal. AIUI, the kernel code has to
> have the same data structures as the userland code in gssd, which
> implies that gssd has to be built against Heimdal libraries, not MIT.
I think you might want to test that hypothesis experimentally --
both Heimdal and MIT have gss_export_lucid_sec_context() that
generate the gss_krb5_lucid_context_v1_t data type, which seems
to be defined identically between them. AIUI, this "lucid" (i.e.,
non-opaque) type is what is used for sending the GSS information
into the kernel.
-Ben
> Has anyone managed to build a gssd executable that is linked
> statically against all the Heimdal libraries? I attempted to do this
> (in a chroot initialized with stock 11.1) but ended up with something
> that still tries to dlopen libgssapi.so.10, which obviously isn't
> going to work.
More information about the freebsd-fs
mailing list