From owner-freebsd-current@FreeBSD.ORG  Fri Oct  2 12:38:07 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 106AE106566B;
	Fri,  2 Oct 2009 12:38:07 +0000 (UTC) (envelope-from john@baldwin.cx)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id D33C78FC13;
	Fri,  2 Oct 2009 12:38:06 +0000 (UTC)
Received: from bigwig.baldwin.cx (66.111.2.69.static.nyinternet.net
	[66.111.2.69])
	by cyrus.watson.org (Postfix) with ESMTPSA id 8039C46B35;
	Fri,  2 Oct 2009 08:38:06 -0400 (EDT)
Received: from jhbbsd.hudson-trading.com (unknown [209.249.190.8])
	by bigwig.baldwin.cx (Postfix) with ESMTPA id CD6F98A024;
	Fri,  2 Oct 2009 08:38:05 -0400 (EDT)
From: John Baldwin <john@baldwin.cx>
To: freebsd-current@freebsd.org
Date: Fri, 2 Oct 2009 08:24:14 -0400
User-Agent: KMail/1.9.7
References: <4AB27FB6.4010806@eng.auth.gr>
	<20090921222241.GF1001@rwpc12.mby.riverwillow.net.au>
	<20091002081319.GN37304@rwpc12.mby.riverwillow.net.au>
In-Reply-To: <20091002081319.GN37304@rwpc12.mby.riverwillow.net.au>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200910020824.15488.john@baldwin.cx>
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1
	(bigwig.baldwin.cx); Fri, 02 Oct 2009 08:38:05 -0400 (EDT)
X-Virus-Scanned: clamav-milter 0.95.1 at bigwig.baldwin.cx
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.5 required=4.2 tests=AWL,BAYES_00,RDNS_NONE
	autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on bigwig.baldwin.cx
X-Mailman-Approved-At: Fri, 02 Oct 2009 15:13:58 +0000
Cc: George Mamalakis <mamalos@eng.auth.gr>, Doug Rabson <dfr@freebsd.org>,
	Rick Macklem <rmacklem@uoguelph.ca>,
	John Marshall <john.marshall@riverwillow.com.au>
Subject: Re: [PATCH] SASL problems with spnego on 8.0-BETA4
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2009 12:38:07 -0000

On Friday 02 October 2009 4:13:19 am John Marshall wrote:
> On Tue, 22 Sep 2009, 08:22 +1000, John Marshall wrote:
> > On Mon, 21 Sep 2009, 11:26 -0400, Rick Macklem wrote:
> > > On Mon, 21 Sep 2009, George Mamalakis wrote:
> > > 
>  [snip]
> > > >>
> > > >>SUCCESS!
> > > >>
> > > >>So, this fix obviates THAT reason for installing the Heimdal port.  If
> > > >>George meets with similar success adding -lgssapi_spnego for his 
spnego
> > > >>problem, I suggest that both libraries be added to the list in line 96
> > > >>of /usr/bin/krb5-config prior to release of FreeBSD 8.0.
> > > >>
>  [snip]
> > > >>
> > > >>krb5-config.  It looks like magic needs to happen somewhere in the 
base
> > > >>kerberos build system.
> > > >>
> > > >>I notice that the Heimdal port doesn't build the separate libraries 
and
> > > >>everything seems to be included in libgssapi (which explains why sasl2
> > > >>"works" when linked against the Heimdal port).
> > > >>
> > > >
> > > >I changed my /usr/bin/krb5-config's line 96 to include -lgssapi_spnego 
and 
> > > >-lgssapi_krb5, and ever since both client and server work correctly!! 
Of 
> > > >course I get some other error, but at least this must be a 
configuration 
> > > >error :).
> > > >
>  [snip]
> > > >
> > > Now, hopefully someone who understands enough about dynamic linking will
> > > know if this is the correct fix for 8.0? (I'm going on a couple of weeks
> > > vacation at the end of this week, so I won't be around to commit 
anything
> > > and don't understand it well enough to know if this is the correct way
> > > to fix it.)
> > > 
> > > So, hopefully someone else can pick this one up?
> > > 
> > > Thanks for testing it, rick
> > 
> > Thanks Rick for your very valuable guidance on this problem.  Have a
> > great vacation!
> > 
> > I have submitted a patch to the FreeBSD Makefile which patches the
> > vendor-supplied template for krb5-config.  I should be grateful if dfr@
> > or another src committer would please review this with a view to
> > obtaining re@ approval to commit it before 8.0-RC2.
> > 
> > <http://www.freebsd.org/cgi/query-pr.cgi?pr=139037>
> 
> Any src committers able to help with this?

Hmmm, I thought that libgssapi was supposed to use dlopen to load the proper 
back-end libraries using /etc/gss/mech rather than having applications 
directly link against them.

-- 
John Baldwin