On 07/18/2010 06:52 AM, Reko Turja wrote: > After manually changing the gssapi header used in > /usr/src/include/rpc/rpcsec_gss.h to somewhat klunky "#include > "/usr/src/crypto/heimdal/lib/gssapi/gssapi/gssapi.h"" system csupped > yesterday built okay and after rebuilding cyrus-sasl, saslauthd and > cyrus I get the following failures in log: > > Jul 18 16:37:35 moria perl: GSSAPI Error: Miscellaneous failure (see > text)^B (open(/tmp/krb5cc_0): No such file or directory) > > -This is expected behaviour as Kerberos was not running at the moment, > but with Benjamin's patch Kerberos/GSSAPI spat out a meaningful error > message > > After dusting off my old Kerberos setup, doing basic kinit and running > cyradm localhost I got: > > Jul 18 16:39:00 moria perl: GSSAPI Error: Miscellaneous failure (see > text) (Server (imap/localh...@xxx.domain.com) unknown) > > -Again expected as there is no imap trust relationship defined. > > So at least after cursory testing it looks like that with Benjamin's > patch there is a working GSSAPI/Kerberos backend available, instead of > something that chokes on passed parameters that are ok for every other > tested gssapi implementation. > > Of course, more thorough testing in proper kerberised/LDAP environment > needs to be done, which is something I haven't got time at the moment.
Thanks for your testing! Based on the lack of attention my PR has received it seems that not many people have noticed the regression in libgssapi, even though the breaking commit happened in -CURRENT way back in 2008. When you get a chance, please append your test results to PR kern/147454. That may be helpful in attracting some more attention to this issue. -- Benjamin Lee http://www.b1c1l1.com/
signature.asc
Description: OpenPGP digital signature
