how to best kerberize a product

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

how to best kerberize a product

Kristen J. Webb
Hi All,
After doing some research on my own, I now have lots of questions.
I have a simple implementation that uses sendauth and recvauth
as a starting point.  It works on my setup, but when I try it in a
Heimdal environment I get some expected results:

h.test: error while loading shared libraries: libcom_err.so.3: cannot open
shared object file: No such file or directory

Trying to be clever, I link it to a previous version:

ln -s libcom_err.so.2.1 libcom_err.so.3

h.test: /usr/local/lib/libcom_err.so.3: no version information available
(required by h.test)

So now I'm thinking that static linking is the way to go.
BTW: we used static linking in a previous kerb4 implementation.

However, when I try to configure with --enable-static
Both 1.6.3 and 1.5.4 give the same error:

configure: error: Sorry, static libraries do not work in this release.

I even tried going all the way back to 1.4.4, where
configure worked, but make bombed right away.

1. Is there an MIT release that is recommended for doing static builds?

2. If not, should I be considering building against Heimdal instead?

3. My original goal was to provide a kerberized binary that would work
in both environments.  Are there any other recommendation or advices
on how to do this?

Thank you very much in advance!

Kris
--
Mr. Kristen J. Webb
Teradactyl LLC.

PHONE: 1-505-242-1091
EMAIL: [hidden email]
VISIT: http://www.teradactyl.com

  Home of the

  True incremental Backup System

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: how to best kerberize a product

Jeffrey Altman-4
Kristen:

This mailing list is for discussions of development of MIT Kerberos
itself, not third party applications.

Please redirect your request to [hidden email].

Thanks.

Jeffrey Altman


Kristen J. Webb wrote:

> Hi All,
> After doing some research on my own, I now have lots of questions.
> I have a simple implementation that uses sendauth and recvauth
> as a starting point.  It works on my setup, but when I try it in a
> Heimdal environment I get some expected results:
>
> h.test: error while loading shared libraries: libcom_err.so.3: cannot
> open shared object file: No such file or directory
>
> Trying to be clever, I link it to a previous version:
>
> ln -s libcom_err.so.2.1 libcom_err.so.3
>
> h.test: /usr/local/lib/libcom_err.so.3: no version information available
> (required by h.test)
>
> So now I'm thinking that static linking is the way to go.
> BTW: we used static linking in a previous kerb4 implementation.
>
> However, when I try to configure with --enable-static
> Both 1.6.3 and 1.5.4 give the same error:
>
> configure: error: Sorry, static libraries do not work in this release.
>
> I even tried going all the way back to 1.4.4, where
> configure worked, but make bombed right away.
>
> 1. Is there an MIT release that is recommended for doing static builds?
>
> 2. If not, should I be considering building against Heimdal instead?
>
> 3. My original goal was to provide a kerberized binary that would work
> in both environments.  Are there any other recommendation or advices
> on how to do this?
>
> Thank you very much in advance!
>
> Kris
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> krbdev mailing list             [hidden email]
> https://mailman.mit.edu/mailman/listinfo/krbdev

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: how to best kerberize a product

Jeffrey Hutzelman
In reply to this post by Kristen J. Webb
--On Wednesday, April 23, 2008 12:46:56 PM -0600 "Kristen J. Webb"
<[hidden email]> wrote:

> Hi All,
> After doing some research on my own, I now have lots of questions.
> I have a simple implementation that uses sendauth and recvauth
> as a starting point.

Don't do that.  In fact, I'd recommend against using Kerberos directly at
all; you should use GSS-API or, if it fits your application, SASL.

Kris, please contact me off-list for more help with this.  There are a
number of possible pitfalls here, and it is very important to me that you
get this right.  As Jeff points out, this is really not the right forum for
this, and I'm 2000+ messages behind on the [hidden email] list. :-(

-- Jeff
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev