openssh unix dev - Jan 2004 - Syncing sshd/krb GetAFSToken change to Portable: help wanted

Hi All.

	Recently a change was merged from OpenBSD's sshd into Portable that 
implements a KerberosGetAFSToken option (patchset attached).

	This change causes compile errors with both MIT Kerberos and Heimdal 
(errors when compiled with MIT Kerberos below).

	I've figured out that the functions called in the new code are in 
Heimdal's libkafs, so adding -lkafs to the start for the Heimdal CFLAGS 
in configure.ac makes it compile.  Presumably the equivalent code for 
MIT Kerberos needs to be written?  Does it even have an equivalent, or 
can the new block just be wrapped inside an #ifdef HEIMDAL?

	Since I know approximately zero about Kerberos, any assistance would be 
appreciated.

	Thanks,
		-Daz.

gcc -o sshd [snip objs] -L. -Lopenbsd-compat/  -L/usr/kerberos/lib -lssh
-lopenbsd-compat -lwrap  -lresolv -lskey -lutil -lz -lnsl  -lcrypto
-lcrypt -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
session.o: In function `do_child?:
/home/builder/gate/openssh-tinderbox/session.c:1427: undefined reference
to `k_hasafs?
/home/builder/gate/openssh-tinderbox/session.c:1433: undefined reference
to `k_setpag?
/home/builder/gate/openssh-tinderbox/session.c:1435: undefined reference
to `k_afs_cell_of_file?
/home/builder/gate/openssh-tinderbox/session.c:1436: undefined reference
to `krb5_afslog?
/home/builder/gate/openssh-tinderbox/session.c:1439: undefined reference
to `krb5_afslog_home?
collect2: ld returned 1 exit status

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
       Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-kerberosafstoken.patch
Url:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040101/35e4c604/attachment.ksh

Let's try this again ... this time with a subject line :-)

I haven't (yet) tried your patch, but here's some information you may
find useful:

There exists a "krbafs" library, which is in effect a port of KTH
Kerberos's libkafs to MIT Kerberos V
(http://web.mit.edu/openafs/krbafs/).  But KTH-krb is (of course) a
clone of Kerberos 4, so libkrbafs requires Kerberos 4 credentials.
(I've only built krbafs on OS X, and its "home page" is directed
towards users of OS X.  But krbafs should in principle work on other
platforms, and several different RPM versions of it are available --
e.g. http://www.redhat.com/swr/i386/krbafs-1.0-3.i386.html)

Eventually someone may port Heimdal's libkafs to MIT Kerberos V.  But
until that happens I'd just wrap your new code inside #ifdef HEIMDAL
blocks.

On 2004-01-01 5:54:15, Darren Tucker wrote:
> Hi All.
>
>       Recently a change was merged from OpenBSD's sshd into Portable
> that implements a KerberosGetAFSToken option (patchset attached).
>
>       This change causes compile errors with both MIT Kerberos and
> Heimdal (errors when compiled with MIT Kerberos below).
>
>       I've figured out that the functions called in the new code are
> in Heimdal's libkafs, so adding -lkafs to the start for the Heimdal
> CFLAGS in configure.ac makes it compile.  Presumably the equivalent
> code for MIT Kerberos needs to be written?  Does it even have an
> equivalent, or can the new block just be wrapped inside an #ifdef
> HEIMDAL?
>
>       Since I know approximately zero about Kerberos, any assistance
> would be appreciated.
>
>       Thanks,
>               -Daz.