[32740] in Kerberos
Re: MIT Kerberos for Windows
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Thu Sep 30 05:24:25 2010
MIME-Version: 1.0
In-Reply-To: <4C9BB4FA.6030304@secure-endpoints.com>
Date: Thu, 30 Sep 2010 19:24:17 +1000
Message-ID: <AANLkTikM0S3pFw+d3cnL00Xz_BfK-nrCURL-89FtYXhy@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: jaltman@secure-endpoints.com
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi
Still related to Kerberos for Windows , but from a development perspective..
I am working on adding GSSAPI support on TortoiseSVN ; this is done by
compiling sasl and neon with GSSAPI support.
This is itself was rather simple using the Kerberos for Windows SDK ;
however for various reasons, I could use the SDK and had to compile
the kerberos libraries from source.
The problem at hand, is that when GSSAPI support for SASL is compiled
the resulting saslGSSAPI.dll has some dependencies on the MIT kerberos
libraries.
Output of ldd is:
gssapi32.dll => /cygdrive/c/Program Files
(x86)/MIT/Kerberos/bin/gssapi32.dll (0x1c000000)
krb5_32.dll => /cygdrive/c/Program Files
(x86)/MIT/Kerberos/bin/krb5_32.dll (0x320000)
comerr32.dll => /cygdrive/c/Program Files
(x86)/MIT/Kerberos/bin/comerr32.dll (0x3c0000)
k5sprt32.dll => /cygdrive/c/Program Files
(x86)/MIT/Kerberos/bin/k5sprt32.dll (0x3d0000)
Obviously, I do not want TortoiseSVN to require people to install
Kerberos for Windows, it has to work as a standalone piece of
software.
If those DLLs can't be found, TSVN would silently fail. If they are
indeed installed, the Network Identity Manager pops-up as required,
which is great.
So I also compiled those DLLs and included them in TSVN ; this however
had some unfortunate consequences...
TSVN is using its own version of the kerberos DLLs listed above, which
seem to not use krb5.ini configured by KfW ; it relies on krb5.ini
found in c:\Windows
When a ticket is required, the Network Identity Manager never shows
up; instead it directly fails.
If I obtain a ticket with NIM, then TSV will connect fine.
So the obvious question is:
Assuming TSVN ships with its own compiled version of the kerberos DLLs
listed above; how can I make it call NIM when required , so it
perfectly integrates with any installed version of Kerberos for
Windows.
This is something Firefox or Thunderbird do fine... Not sure how they did it.
Thank you for your help
Jean-Yves
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
