Date: Tue, 22 Sep 2009 08:22:41 +1000 From: John Marshall <john.marshall@riverwillow.com.au> To: Rick Macklem <rmacklem@uoguelph.ca> Cc: Doug Rabson <dfr@freebsd.org>, freebsd-current@freebsd.org, George Mamalakis <mamalos@eng.auth.gr> Subject: Re: SASL problems with spnego on 8.0-BETA4 Message-ID: <20090921222241.GF1001@rwpc12.mby.riverwillow.net.au> In-Reply-To: <Pine.GSO.4.63.0909211122440.26309@muncher.cs.uoguelph.ca> References: <4AB27FB6.4010806@eng.auth.gr> <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au> <Pine.GSO.4.63.0909181722270.23193@muncher.cs.uoguelph.ca> <20090918233157.GK1231@rwpc12.mby.riverwillow.net.au> <20090921012855.GA1001@rwpc12.mby.riverwillow.net.au> <4AB768C3.6030003@eng.auth.gr> <Pine.GSO.4.63.0909211122440.26309@muncher.cs.uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--vA66WO2vHvL/CRSR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, 21 Sep 2009, 11:26 -0400, Rick Macklem wrote: >=20 > On Mon, 21 Sep 2009, George Mamalakis wrote: >=20 > [stuff snipped] > >> > >>SUCCESS! > >> > >>So, this fix obviates THAT reason for installing the Heimdal port. If > >>George meets with similar success adding -lgssapi_spnego for his spnego > >>problem, I suggest that both libraries be added to the list in line 96 > >>of /usr/bin/krb5-config prior to release of FreeBSD 8.0. > >> > >>It doesn't look like this fix is as simple as submitting a patch to > >>krb5-config. It looks like magic needs to happen somewhere in the base > >>kerberos build system. > >> > >>I notice that the Heimdal port doesn't build the separate libraries and > >>everything seems to be included in libgssapi (which explains why sasl2 > >>"works" when linked against the Heimdal port). > >> > >> > >Guys, > > > >I changed my /usr/bin/krb5-config's line 96 to include -lgssapi_spnego a= nd=20 > >-lgssapi_krb5, and ever since both client and server work correctly!! Of= =20 > >course I get some other error, but at least this must be a configuration= =20 > >error :). > > > >So, to sum up: > > > >Still running on fbsd.8-BETA4, changed krb5-config to include the missin= g=20 > >libraries, recompiled cyrus-sasl-2.1.23 after I changed the krb5-config,= =20 > >restarted openldap-sasl-server-2.4.18_1 and after performing an=20 > >ldapsearch, the client does not complain (and exits) about missing=20 > >libraries, NOR does the server crash on sasl authentication. > > > >Great job guys, thank you all very very much for your help! I posted my= =20 > >query on the 17th of Sep. and in four days (weekend inclusive!) someone= =20 > >came up with an answer that resolves my issue! Great job, once more, and= =20 > >thank you all again! > > > Now, hopefully someone who understands enough about dynamic linking will > know if this is the correct fix for 8.0? (I'm going on a couple of weeks > vacation at the end of this week, so I won't be around to commit anything > and don't understand it well enough to know if this is the correct way > to fix it.) >=20 > So, hopefully someone else can pick this one up? >=20 > Thanks for testing it, rick Thanks Rick for your very valuable guidance on this problem. Have a great vacation! I have submitted a patch to the FreeBSD Makefile which patches the vendor-supplied template for krb5-config. I should be grateful if dfr@ or another src committer would please review this with a view to obtaining re@ approval to commit it before 8.0-RC2. <http://www.freebsd.org/cgi/query-pr.cgi?pr=3D139037>; --=20 John Marshall --vA66WO2vHvL/CRSR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) iEYEARECAAYFAkq3/LEACgkQw/tAaKKahKL1CgCcCazZ13EB4F1CBha9SeYFEV0b 3HQAniuXQ8vu0OlF/H7a4tGkLXAweSdl =z6jI -----END PGP SIGNATURE----- --vA66WO2vHvL/CRSR--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090921222241.GF1001>