[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: uw-imapd gssapi support and heimdal

To: Mark Davies <mark@MCS.VUW.AC.NZ>
Subject: Re: uw-imapd gssapi support and heimdal
From: Aidan Cully <aidan@kublai.com>
Date: Tue, 18 Jul 2000 21:13:05 -0400
Cc: heimdal-discuss@sics.se
In-Reply-To: <200007180243.e6I2h0H07111@city-art.mcs.vuw.ac.nz>; from mark@MCS.VUW.AC.NZ on Tue, Jul 18, 2000 at 02:42:59PM +1200
References: <200007180243.e6I2h0H07111@city-art.mcs.vuw.ac.nz>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.1.1i

On Tue, Jul 18, 2000 at 02:42:59PM +1200, Mark Davies wrote:
> auth_gss.c: In function `auth_gssapi_valid':
> In file included from auths.c:1,
>                  from env_unix.c:42,
>                  from osdep.c:56:
> auth_gss.c:85: `gss_mech_krb5' undeclared (first use in this function)
> auth_gss.c:85: (Each undeclared identifier is reported only once
> auth_gss.c:85: for each function it appears in.)
> auth_gss.c:86: `gss_mech_set_krb5' undeclared (first use in this function)
> auth_gss.c:88: `gss_nt_service_name' undeclared (first use in this function)
> auth_gss.c: In function `auth_gssapi_client':
> auth_gss.c:126: `gss_nt_service_name' undeclared (first use in this function)
> auth_gss.c: In function `auth_gssapi_server':
> auth_gss.c:265: `gss_nt_service_name' undeclared (first use in this function)
> auth_gss.c:277: `gss_mech_krb5' undeclared (first use in this function)
> 
> where gss_mech_krb5 is used as follows
> 85:  memcpy (&auth_gss_mech,&gss_mech_krb5,sizeof (gss_OID));
> 277:      if (memcmp (mech->elements,gss_mech_krb5->elements,mech->length))
> 
> and gss_nt_service_name is used:
> 
> 88:  if (gss_import_name (&min,&buf,gss_nt_service_name,&name) != GSS_S_COMPLETE)
> 126:    if (gss_import_name(&min,&buf,gss_nt_service_name,&crname)!=GSS_S_COMPLETE)
> 265:  if ((gss_import_name (&min,&buf,gss_nt_service_name,&crname)) == 
> 
> 
> So what are these and what needs to be done to get this to build with heimdal?

As someone else mentioned, gss_nt_service_name seems to be undefined
to heimdal, but looks functionally equivalent to
GSS_C_NT_HOSTBASED_SERVICE.  I think these OIDs are transmitted over
the network, so it's possible that an arbitrary krb5 client won't work
with your (arguably more correct) krb5 imap server, if all you do is
replace gss_nt_service_name with GSS_C_NT_HOSTBASED_SERVICE, since
gss_nt_service_name is not encoded in the same way as
GSS_C_NT_HOSTBASED_SERVICE.  The MIT encoding is:
 {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
              "\x01\x02\x01\x04"},
corresponding to the following definition:
 * service_name:
 *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
 *      generic(1) service_name(4) = 1.2.840.113554.1.2.1.4

gss_mech_krb5 is equivalent in encoding to the Heimdal constant
GSS_KRB5_MECHANISM.  Doing autoconf foo (a #ifndef won't work, I think,
since MIT doesn't use these names, and Heimdal doesn't provide these as
#defines) would allow you to simply replace all references to
gss_mech_krb5 with GSS_KRB5_MECHANISM, and (hopefully) your server will
just work.

HTH,
--aidan

Follow-Ups:
- Re: uw-imapd gssapi support and heimdal
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: uw-imapd gssapi support and heimdal
  - From: Assar Westerlund <assar@sics.se>

References:
- uw-imapd gssapi support and heimdal
  - From: Mark Davies <mark@MCS.VUW.AC.NZ>

Prev by Date: Re: uw-imapd gssapi support and heimdal
Next by Date: Re: uw-imapd gssapi support and heimdal
Prev by thread: Re: uw-imapd gssapi support and heimdal
Next by thread: Re: uw-imapd gssapi support and heimdal
Index(es):
- Date
- Thread