On Tue, 10 Dec 2013, Benjamin Kaduk wrote:
have not yet done so). I have only tested with MIT krb5's gssapi library; reports from people building against heimdal will be useful. (The system heimdal on my mac is too old to have gss_pseudo_random(), alas.)
Well, maybe "too old" is not quite right, but "too weird to have a usable gss_pseudo_random()", perhaps.
My FreeBSD machine does have a gss_pseudo_random() that can be coaxed into working, though. Their gssapi.h for some reason does not define the GSS_C_PRF_KEY_{FULL,PARTIAL} macros though it does have the function's prototype. It also encodes the counter with the wrong endianness for its PRF+, so aes256-cts-hmac-sha1-96 keys don't work, but aes128-cts-hmac-sha1-96 keys do.
Buildbot points out that my final testing was done without -Wall, so there are some unused variables and such that break (e.g.) the debian and suse builds. Future patchsets will address that; the fedora buildbot did build things okay, though.
-Ben _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
