Date: Wed, 18 Jan 2006 11:27:52 +0300 From: Boris Samorodov <bsam@ipt.ru> To: freebsd-ports@FreeBSD.org Subject: [mozilla apps] seamonkey, firefox, thundebird and kerberos (gssapi) Message-ID: <26423335@srv.sem.ipt.ru>
next in thread | raw e-mail | index | archive | help
Hi! FYI this is a result of my experiments on configuring Single-Sign-On services across our company based on kerberos (gssapi). Modern mozilla apps -- seamonkey, firefox, thunderbird -- use gssapi to authenticate users, apps and servers. An old style of using gssapi was a negotiateauth extension. One of the main problems to code gssapi-ready programs is the amount of realizations (MIT, heimdal, GNU, MS and others). At compile time the code was linked to system kerberos libraries. No problems (almost). The new style is based on an auth extension which is linked at compile time to mozilla's gssapi skeletone but does loading a system libraries (the library may be set via user config) at runtime. The problem here is with FreeBSD feature(?) of not writing information about linked libraries at the system kerberos: $ ldd /usr/lib/libgssapi.so /usr/lib/libgssapi.so: Hence at runtime mozilla apps try to load gssapi library but fails to use it. A workaround is to install kerberos from ports (both heimdal and MIT kerberos were tested) and set the variable network.negotiate-auth.gsslib (full path). Mozilla apps work like a charm with the ports kerberos. Though tested only HTTP(S) and IMAP(S) I assume that other protocols should work as well. Now our users are happy with one-password-typing! ;-) Viva FreeBSD, viva Mozilla! WBR -- Boris B. Samorodov, Research Engineer InPharmTech Co, http://www.ipt.ru Telephone & Internet Service Provider
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26423335>