Is there a problem with the GSSAPI implementation in FreeBSD?
I'm trying to compile a minimal application that does nothing more than
including the file gssapi/gssapi_krb5.h:
#include gssapi/gssapi_krb5.h
int main(void)
{
return 0;
}
When compiling this with gcc foo.c I get the
On 19 February 2013 17:31, Andrey Simonenko si...@comsys.ntu-kpi.kiev.uawrote:
It can require bigger buffer, since root can get the pw_password field
in the struct passwd{}.
Since sysconf(_SC_GETPW_R_SIZE_MAX) does not work on FreeBSD, the buffer
for getpwnam_r() call should have at least (2
On 17 February 2013 22:58, Rick Macklem rmack...@uoguelph.ca wrote:
I think the Makefiles are in the kerberos5 directory.
Since the only function you care about is the one in
kerberos5/lib/libgssapi_krb5/pname_to_uid.c, I'd
just put a copy of that file in usr.sbin/gssd and
modify the
On 19 February 2013 00:06, Elias Mårtenson loke...@gmail.com wrote:
char lname[MAXLOGNAME + 1], buf[1024];
Oops. Here I am, replying to myself.
The above is a typo. That's by modified code. In the original source, buf
is 128 bytes in size.
Regards,
Elias
On 17 February 2013 02:17, Doug Rabson d...@rabson.org wrote:
I think it was Rick that mentioned the patch. I would apply the patch and
rebuild your kernel in the interests of changing as little as possible
while debugging the original issue.
Fair enough. I did this. Thanks.
Now, I'm sorry
OK, here I am replying to my own email. I just want to mention that I
removed the ports version of Heimdal, but with no change in behaviour.
On 16 February 2013 09:38, Elias Mårtenson loke...@gmail.com wrote:
On 16 Feb, 2013 1:42 AM, Benjamin Kaduk ka...@mit.edu wrote:
And yet one more
On 16 February 2013 18:58, Doug Rabson d...@rabson.org wrote:
This may be a stupid question but does the user 'elias' exist in the local
password database?
If you are using heimdal from the base distribution and you have source,
you should be able to build them with debug information which
On 17 February 2013 00:03, Doug Rabson d...@rabson.org wrote:
I don't think much (if anything) has changed with gssd between 9.1 and
current. When your gssd hangs, you can try to get a stack trace using gdb's
attach command.
Fair enough. However, when it hangs, I have at least a 50% chance
On 14 February 2013 07:42, Rick Macklem rmack...@uoguelph.ca wrote:
Elias Martenson wrote: Secondly, what if the issue is gssd not correctly
mapping the
principals to
Unix usernames? How can I determine if this is the case. There seems
to be
no logging options for gssd (-d does
On 16 Feb, 2013 8:57 AM, Rick Macklem rmack...@uoguelph.ca wrote:
Benjamin Kaduk wrote:
On Sat, 16 Feb 2013, Elias Mårtenson wrote:
Thank you. I did exactly that and I found out some more.
The problem occurss in file gss.c, in the
function gssd_pname_to_uid_1_svc
On 16 Feb, 2013 1:42 AM, Benjamin Kaduk ka...@mit.edu wrote:
And yet one more thing: Heimdal ships with its own version of libgssapi.
I
can link gssd to it, but it won't run properly (it hangs pretty early).
I have forgotten: you are using Heimdal from ports, not from the base
system? I
Thank you for your help. I'm currently in the process of analysing what is
happening inside gssd during these operations. I'll get back later with a
summary of my findings.
However, I have found a real bug this time. An honest to FSM kernel crash.
This is how I reproduced it:
- Kill gssd
-
Thanks for the information. I was looking a bit further into the tcpdump
log, and this is what happens:
Here are some relevant packets:
115
NULL call establishing a mutual context(?)
GSS-API:
Kerberos AP-REQ:
Ticket: Server Name (Principal): nfs/domainname
117
First of all, I used the bug word in the subject, and I'm not doing that
lightly. I fully understand that the initial reaction to such claim is he
did something wrong, and frankly, that's what I'm hoping.
I've spent the last two weeks trying to get an NFS share working with krb5p
security from a
On 12 February 2013 23:20, Rick Macklem rmack...@uoguelph.ca wrote:
There is (in case you missed it on google):
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
(Nothing much has changed since FreeBSD8, except the name of the client
side patch for host based initiator
15 matches
Mail list logo