Is there a problem with the GSSAPI implementation in FreeBSD?
I'm trying to compile a minimal application that does nothing more than
including the file gssapi/gssapi_krb5.h:
#include
int main(void)
{
return 0;
}
When compiling this with "gcc foo.c" I get the following error:
On 19 February 2013 17:31, Andrey Simonenko wrote:
It can require bigger buffer, since root can get the pw_password field
> in the struct passwd{}.
>
> Since sysconf(_SC_GETPW_R_SIZE_MAX) does not work on FreeBSD, the buffer
> for getpwnam_r() call should have at least (2 * MAXLOGNAME + 2 *
> MAXP
On 19 February 2013 00:06, Elias Mårtenson wrote:
char lname[MAXLOGNAME + 1], buf[1024];
>
Oops. Here I am, replying to myself.
The above is a typo. That's by modified code. In the original source, buf
is 128 bytes in size.
Regard
On 17 February 2013 22:58, Rick Macklem wrote:
I think the Makefiles are in the kerberos5 directory.
>
> Since the only function you care about is the one in
> kerberos5/lib/libgssapi_krb5/pname_to_uid.c, I'd
> just put a copy of that file in usr.sbin/gssd and
> modify the Makefile there to compi
On 17 February 2013 02:17, Doug Rabson wrote:
>
> I think it was Rick that mentioned the patch. I would apply the patch and
> rebuild your kernel in the interests of changing as little as possible
> while debugging the original issue.
>
Fair enough. I did this. Thanks.
Now, I'm sorry for asking
On 17 February 2013 00:03, Doug Rabson wrote:
> I don't think much (if anything) has changed with gssd between 9.1 and
> current. When your gssd hangs, you can try to get a stack trace using gdb's
> attach command.
>
> Fair enough. However, when it hangs, I have at least a 50% chance of
hitting t
On 16 February 2013 18:58, Doug Rabson wrote:
> This may be a stupid question but does the user 'elias' exist in the local
> password database?
>
> If you are using heimdal from the base distribution and you have source,
> you should be able to build them with debug information which may help.
>
OK, here I am replying to my own email. I just want to mention that I
removed the ports version of Heimdal, but with no change in behaviour.
On 16 February 2013 09:38, Elias Mårtenson wrote:
>
> On 16 Feb, 2013 1:42 AM, "Benjamin Kaduk" wrote:
> >
> >> And ye
On 16 Feb, 2013 1:42 AM, "Benjamin Kaduk" wrote:
>
>> And yet one more thing: Heimdal ships with its own version of libgssapi.
I
>> can link gssd to it, but it won't run properly (it hangs pretty early).
>
> I have forgotten: you are using Heimdal from ports, not from the base
system? I remember
On 16 Feb, 2013 8:57 AM, "Rick Macklem" wrote:
>
> Benjamin Kaduk wrote:
> > On Sat, 16 Feb 2013, Elias Mårtenson wrote:
> >
> > >
> > > Thank you. I did exactly that and I found out some more.
> > >
> > > The problem occurss in f
On 14 February 2013 07:42, Rick Macklem wrote:
Elias Martenson wrote:> Secondly, what if the issue is gssd not correctly
> mapping the
> > principals to
> > Unix usernames? How can I determine if this is the case. There seems
> > to be
> > no logging options for gssd (-d does absolutely nothing o
Thank you for your help. I'm currently in the process of analysing what is
happening inside gssd during these operations. I'll get back later with a
summary of my findings.
However, I have found a real bug this time. An honest to FSM kernel crash.
This is how I reproduced it:
- Kill gssd
- At
Thanks for the information. I was looking a bit further into the tcpdump
log, and this is what happens:
Here are some relevant packets:
115
NULL call establishing a mutual context(?)
GSS-API:
Kerberos AP-REQ:
Ticket: Server Name (Principal): nfs/domainname
117
NULL
On 12 February 2013 23:20, Rick Macklem wrote:
There is (in case you missed it on google):
> http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
> (Nothing much has changed since FreeBSD8, except the name of the client
> side patch for host based initiator credentials in the keytab
First of all, I used the "bug" word in the subject, and I'm not doing that
lightly. I fully understand that the initial reaction to such claim is "he
did something wrong", and frankly, that's what I'm hoping.
I've spent the last two weeks trying to get an NFS share working with krb5p
security from
15 matches
Mail list logo
