[20175] in Kerberos_V5_Development
Re: Building the PKINIT plugin on Windows
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Oct 8 21:06:51 2020
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>, <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <91826846-fb09-2c0a-0b09-fe8818495d43@mit.edu>
Date: Thu, 8 Oct 2020 21:06:16 -0400
In-Reply-To: <202010090000.09900Dch023875@hedwig.cmf.nrl.navy.mil>

On 10/8/20 8:00 PM, Ken Hornstein wrote:
> So I think it
> makes sense to see if MIT is interested in patches to get PKINIT built
> on Windows, and what the best process would be for contributing such
> patches.

Yes. A pull request on github is the best way to contribute changes.

> - "Minor" portability issues, like the use of unistd.h
> - Changes need to be made to the build system to build the pkinit plugin
> - A dependency on OpenSSL

When I last looked into this, the OpenSSL dependency seemed to be the
trickiest part. I didn't have any luck finding examples on github that
didn't check OpenSSL binaries into the repository. So insight from
Windows developers on this point would be the most useful from my
perspective. That would also pave the way for k5tls (for MS-KKDCP
support) and, less importantly, SPAKE support for the NIST curves.

> - The use of dlopen()/dlsym to load a PKCS#11 library

krb5int_open_plugin() and krb5int_get_plugin_sym() from libkrb5support
should be helpful here.

> - The lack of regcomp()/regex() on Windows

It doesn't look like we have an existing facility to help here; we use
regexps in the aname-to-localname part of libkrb5, but appear to just
compile out that code on Windows. gnulib isn't an ideal dependency for
us for licensing reasons.

While I'm not fond of adding more C++ code to the tree than necessary,
wrapping std::regexp might be an option.
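
An added example (not part of the original message, and not MIT krb5 code) of the regex-wrapping idea raised in the reply above: a C-callable shim over the C++ standard library's std::regex that keeps C++ exceptions from unwinding into C callers. The k5re_* names and the choice of POSIX extended syntax are assumptions made for illustration.

```cpp
// Hypothetical C-callable shim over std::regex. The k5re_* names are
// invented for this example; they are not MIT krb5 APIs.
#include <cstddef>
#include <exception>
#include <regex>

struct k5re { std::regex re; };   // opaque handle as seen from C

extern "C" {

// Compile a POSIX extended pattern (the syntax regcomp() uses with
// REG_EXTENDED). Returns 0 and sets *out, or -1 on any failure.
int k5re_compile(const char *pattern, k5re **out)
{
    if (pattern == nullptr || out == nullptr)
        return -1;
    *out = nullptr;
    try {
        *out = new k5re{std::regex(pattern, std::regex::extended)};
        return 0;
    } catch (const std::exception &) {  // regex_error, bad_alloc
        return -1;
    }
}

// Find the first match, like regexec() with a single regmatch_t.
// Returns 1 and fills *start / *end (byte offsets) on a match, 0 on
// no match, -1 on error. Matching can throw as well as compiling, so
// every exception is turned into an error code at this boundary.
int k5re_search(const k5re *h, const char *subject,
                std::size_t *start, std::size_t *end)
{
    if (h == nullptr || subject == nullptr)
        return -1;
    try {
        std::cmatch m;
        if (!std::regex_search(subject, m, h->re))
            return 0;
        if (start) *start = static_cast<std::size_t>(m.position(0));
        if (end) *end = static_cast<std::size_t>(m.position(0) + m.length(0));
        return 1;
    } catch (...) {
        return -1;
    }
}

void k5re_free(k5re *h) { delete h; }

} // extern "C"
```

A C caller would see only an incomplete `struct k5re` and the three functions, so the C++ dependency stays confined to one translation unit.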