> From [EMAIL PROTECTED] Fri Jun 21 07:29:19 2002
> Date: Fri, 21 Jun 2002 06:43:14 -0700 (PDT)
> From: Patrick Powell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: LPRng: Re: LPRNG with Kerberos auth on MacOS X
>
> > From [EMAIL PROTECTED] Tue Jun 18 17:42:16 2002
> > Date: Tue, 18 Jun 2002 20:42:13 -0400
> > Subject: LPRNG with Kerberos auth on MacOS X
> > From: Hua Ying Ling <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> >
> >
> > --Apple-Mail-1-1042976889
> > Content-Transfer-Encoding: 7bit
> > Content-Type: text/plain;
> > charset=US-ASCII;
> > format=flowed
> >
> > Hi Patrick,
> >
> > I emailed you about a couple of months ago about compiling lprng with
> > kerberos support on MacOS X. Unfortunately at the time there were some
> > issues with private Kerberos functions on the Mac I'm curious out the
> > current status. According to the folks from MIT the missing functions
> > are now included with the Kerberos 1.2.5. I've tried to configure lprng
> > with kerberos enabled but it fails with this error:
> >
> > configure: checking for krb5_des_string_to_key in -lcrypto -lcom_err ...
> > configure: checking for krb5_des_string_to_keyin -lk5crypto
> > -lcom_err ...
> > Kerberos 5 encryption support library not found.
> > You may need to use:
> > configure '--with-cppopts=-I/usr/local/include' '--with-
> > ldopts=-L/usr/local/lib'
> >
> > The --with-ldopts=-lcom_err -lk5crypto doesn't seem to help. I could
> > not find krb5_des_string_to_key defined inside the the cryptolib,
> > k5cryptolib, or any of the kerberos frameworks.
> >
> > Thanks
> > ~Hua Ying
>
> Hmmm... Well, I tried this on the Mac OS X system you made available
> to me, and you are right - the libraries in /usr/lib/ had REFERENCES
> to the krb5_des_string_to_key function, but they were not GLOBAL.
> This means that the krb5_des_string_to_key function is a static
> routine in the library:
>
> You can verify this by using:
> [quantum:~/LPRng] papowell% nm /usr/lib/libk5crypto.dylib | grep
>krb5_des_string_to_key
> 93d64868 t _krb5_des_string_to_key
> ^
> The t indicates a static (or local to module) reference.
>
> I will see if there is another routine that will serve
> the same purpose and is a global.
The Kerberos release that is on the Mac OS X system does not
have global krb5_read_message() and krb5_write_message()
routines in their libraries. You can test this out by using the
same technique.
The code that I use for kerberos is effectively a direct steal or copy
of the krb5-1.2.5/src/appl/user_user/client.c (and server.c)
code, which should compile and run on the Max OS release.
This does not appear to be the case. If and when these routines and
the applications can be compiled and ran, then I will be able to
link to the libraries. Please note the code in client.c:
retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
if (retval)
{
com_err("uu-client", retval, "sending principal name to server");
return 8;
}
free(princ);
retval = krb5_write_message(context, (krb5_pointer) &s, &new_creds->ticket);
if (retval)
{
com_err("uu-client", retval, "sending ticket to server");
return 8;
}
retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
So I am doing nothing that is not already provided as an example
for tutorial and testing purposes.
Sigh... Hate to say this to you, but you need to talk to Apple
and their Kerberos support folks on this one.
Patrick Powell
(P.S. - you may need to add some -Wl,-bind_at_load or other
flags to stop the loader from whining about library loading order)
Patrick Powell Astart Technologies,
[EMAIL PROTECTED] 9475 Chesapeake Drive, Suite D,
Network and System San Diego, CA 92123
Consulting 858-874-6543 FAX 858-279-8424
LPRng - Print Spooler (http://www.lprng.com)
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
