[32742] in Kerberos
Re: MIT Kerberos for Windows
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Thu Sep 30 09:21:12 2010
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kerberos@mit.edu
Message-ID: <4CA48E7F.80204@secure-endpoints.com>
Date: Thu, 30 Sep 2010 09:19:59 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: jyavenard@gmail.com
In-Reply-To: <AANLkTikM0S3pFw+d3cnL00Xz_BfK-nrCURL-89FtYXhy@mail.gmail.com>
Cc: kerberos@mit.edu
Reply-To: jaltman@secure-endpoints.com
Content-Type: multipart/mixed; boundary="===============1847968010=="
Errors-To: kerberos-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1847968010==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig4D97524A1CE86F08DFE1F65A"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4D97524A1CE86F08DFE1F65A
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Jean-Yves:
I would recommend that you take a look at
http://github.com/secure-endpoints/heimdal-krbcompat
This SDK provides implementation independence for applications with both
Heimdal and MIT Kerberos.
If you don't want to go this route what you need to do is to use delay
loading of the GSSAPI*.DLL and avoid calling any gss functions if the
library is not present.
Jeffrey Altman
On 9/30/2010 5:24 AM, Jean-Yves Avenard wrote:
> Hi
>
> Still related to Kerberos for Windows , but from a development perspect=
ive..
>
> I am working on adding GSSAPI support on TortoiseSVN ; this is done by
> compiling sasl and neon with GSSAPI support.
>
> This is itself was rather simple using the Kerberos for Windows SDK ;
> however for various reasons, I could use the SDK and had to compile
> the kerberos libraries from source.
>
> The problem at hand, is that when GSSAPI support for SASL is compiled
> the resulting saslGSSAPI.dll has some dependencies on the MIT kerberos
> libraries.
> Output of ldd is:
> gssapi32.dll =3D> /cygdrive/c/Program Files
> (x86)/MIT/Kerberos/bin/gssapi32.dll (0x1c000000)
> krb5_32.dll =3D> /cygdrive/c/Program Files
> (x86)/MIT/Kerberos/bin/krb5_32.dll (0x320000)
> comerr32.dll =3D> /cygdrive/c/Program Files
> (x86)/MIT/Kerberos/bin/comerr32.dll (0x3c0000)
> k5sprt32.dll =3D> /cygdrive/c/Program Files
> (x86)/MIT/Kerberos/bin/k5sprt32.dll (0x3d0000)
>
> Obviously, I do not want TortoiseSVN to require people to install
> Kerberos for Windows, it has to work as a standalone piece of
> software.
> If those DLLs can't be found, TSVN would silently fail. If they are
> indeed installed, the Network Identity Manager pops-up as required,
> which is great.
>
> So I also compiled those DLLs and included them in TSVN ; this however
> had some unfortunate consequences...
> TSVN is using its own version of the kerberos DLLs listed above, which
> seem to not use krb5.ini configured by KfW ; it relies on krb5.ini
> found in c:\Windows
>
> When a ticket is required, the Network Identity Manager never shows
> up; instead it directly fails.
> If I obtain a ticket with NIM, then TSV will connect fine.
>
> So the obvious question is:
> Assuming TSVN ships with its own compiled version of the kerberos DLLs
> listed above; how can I make it call NIM when required , so it
> perfectly integrates with any installed version of Kerberos for
> Windows.
>
> This is something Firefox or Thunderbird do fine... Not sure how they d=
id it.
>
> Thank you for your help
> Jean-Yves
--------------enig4D97524A1CE86F08DFE1F65A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJMpI6CAAoJENxm1CNJffh4JfQIAM2rt8VvTavd42kUXKgBPxV4
URDIsl5D7jfih7aDTYy8Z0CKkmxrfI0l4nuGsHriqs2HJ1gSCQvLPgwJa/NQ3ybB
pz56H/MOIan2tBR49Y0HhVpyw0DcGF5iOhVh01hSnc/i2IFjiTzFPXxptXNJ55V/
yfHnhifpN1+8BQbDNPsXMxO7r9vKltI+wP7q0ar4+vqdu2DujivsqiX9tRj4mlUl
K/SPMVZGrrxJEph8D6wQ6J2+GDaUoTkkyGA3R236C6C0sCzgFYB4dvj02oGe7Zi1
IFHWBHsCFjHkMwmRcmC3RfChoRhL2RnJkdTzsTgoiTZL6bSmshL26aFcNTEm2a0=
=CAit
-----END PGP SIGNATURE-----
--------------enig4D97524A1CE86F08DFE1F65A--
--===============1847968010==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1847968010==--
