NAVIGATION
CATEGORIES
REFERRENCE
LINKS
AD code using private MIT krb5 routines
7 answers - 757 bytes -
VMS, only the routines and symbols marked as public are exported
by the MIT Kerberos installation.
So the following routines that the active directory support code is
referencing are not available:
decode_krb5_ap_req()
error_message()
krb5_set_default_tgs_ktypes()
initialize_krb5_error_table()
krb5_locate_kdc()
The maintainer of the VMS port of Kerberos is reluctant to make any
symbols for routines that MIT has not marked public visible for
applications to use.
Is there any other way to get Active Directory Support working with MIT
Kerberos?
Is anyone working with MIT to change these to be public symbols?
Thanks,
-John
wb8tyw (AT) qsl (DOT) net
PersonalNo.1 | | 977 bytes |
| 
2006-06-21 at 10:56 -0400 John E. Malmberg sent off:
VMS, only the routines and symbols marked as public are exported
>by the MIT Kerberos installation.
>
>So the following routines that the active directory support code is
>referencing are not available:
>
decode_krb5_ap_req()
error_message()
krb5_set_default_tgs_ktypes()
initialize_krb5_error_table()
krb5_locate_kdc()
>
>The maintainer of the VMS port of Kerberos is reluctant to make any
>symbols for routines that MIT has not marked public visible for
>applications to use.
>
>Is there any other way to get Active Directory Support working with MIT
>Kerberos?
>
>Is anyone working with MIT to change these to be public symbols?
the same problem exists on S X / Darwin, too. Is there anyone in
contact with the MIT kerberos folks?
BjoernNo.2 | | 1134 bytes |
| PGP SIGNED MESSAGE
Hash: SHA1
Bjoern JACKE wrote:
2006-06-21 at 10:56 -0400 John E. Malmberg sent off:
>VMS, only the routines and symbols marked as public are
>exported by the MIT Kerberos installation.
>>
>So the following routines that the active directory support code is
>referencing are not available:
>>
>decode_krb5_ap_req()
>error_message()
>krb5_set_default_tgs_ktypes()
>initialize_krb5_error_table()
>krb5_locate_kdc()
I haven't looked through all of these but at least
krb5_locate_kdc() has a replacement function in
clilrb5.c. Have you looked at that? And possibility fixing
the configure test ?
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
WQHMCXjpfg108WvbeNgIZY0=
=7b7V
PGP SIGNATURENo.3 | | 564 bytes |
| 2006-07-17 at 12:43 -0500 Gerald (Jerry) Carter sent off:
>I haven't looked through all of these but at least
>krb5_locate_kdc() has a replacement function in
>clilrb5.c. Have you looked at that? And possibility fixing
>the configure test ?
that one depends on a bunch of other stuff which MIT doesn't provide:
;host=delta;tree=samba;compiler=gcc
Bjoern
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
f9VYhbsMt1sijc27cmD9E/I=
=UPfF
PGP SIGNATURENo.4 | | 1058 bytes |
| 2006-06-21 at 10:56 -0400 John E. Malmberg sent off:
>VMS, only the routines and symbols marked as public are
>exported by the MIT Kerberos installation.
>>
>So the following routines that the active directory support code is
>referencing are not available:
>>
>decode_krb5_ap_req()
>error_message()
>krb5_set_default_tgs_ktypes()
>initialize_krb5_error_table()
>krb5_locate_kdc()
Bjoern JACKE wrote:
the same problem exists on S X / Darwin, too. Is there anyone in
contact with the MIT kerberos folks?
Hiding symbol, except by declaring them static, used
to be relatively hard on Unix, requiring linker map-files on
Solaris and similar jiggery-pokery on other architectures (;-))
This implies that grep can find a file listing the hidden
interfaces and we can comment out names, or a file listing the
public interfaces and we can add the names.
Then recompileNo.5 | | 988 bytes |
| PGP SIGNED MESSAGE
Hash: SHA1
Bjoern JACKE wrote:
2006-07-17 at 12:43 -0500 Gerald (Jerry) Carter sent off:
>I haven't looked through all of these but at least
>krb5_locate_kdc() has a replacement function in
>clilrb5.c. Have you looked at that? And possibility fixing
>the configure test ?
that one depends on a bunch of other stuff which MIT doesn't provide:
;host=delta;tree=samba;compiler=gcc
Gotcha. Like I said, hadn't looked into it very deeply at
all. When I get a chance, I'll see if we can clean this
up some. Maybe a bit though.
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
erriV40cx7irklve4hID4SA=
=XDb+
PGP SIGNATURENo.6 | | 987 bytes |
| Mon, 2006-07-17 at 13:37 -0500, Gerald (Jerry) Carter wrote:
PGP SIGNED MESSAGE
Hash: SHA1
Bjoern JACKE wrote:
2006-07-17 at 12:43 -0500 Gerald (Jerry) Carter sent off:
>I haven't looked through all of these but at least
>krb5_locate_kdc() has a replacement function in
>clilrb5.c. Have you looked at that? And possibility fixing
>the configure test ?
that one depends on a bunch of other stuff which MIT doesn't provide:
;host=delta;tree=samba;compiler=gcc
Gotcha. Like I said, hadn't looked into it very deeply at
all. When I get a chance, I'll see if we can clean this
up some. Maybe a bit though.
My strong feeling is that we should simply not use that interface. It
is only used for the 'net' tool, last I checked. We have also had
complaints (in the Debian BTS) that we don't even have the right
prototype for it.
Andrew BartlettNo.7 | | 875 bytes |
| PGP SIGNED MESSAGE
Hash: SHA1
Andrew Bartlett wrote:
My strong feeling is that we should simply not
use that interface. It is only used for the 'net' tool, last
I checked. We have also had complaints (in the Debian BTS)
that we don't even have the right prototype for it.
The krb5_locate_kdc() can go in about hour's work.
We already have code to do the DNS SRV lookups ourselves.
Dunno about the rest. But I'll look at replacing
the krb5_locate_kdc() if in fact we are only talking about DNS
queries. If it in voles reading the static configuration
settings in krb5.conf, that would be another issue.
jerry
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
etRSnR6xhkWRjSP/uw/kLJU=
=LIj
PGP SIGNATURE
QUESTION ON "Samba"
- User Manager for SWAT
- vl-messaging configuration readme
- SMB over UDP port 138
- samba3 nmbd and samba4wins simultaneously on multihomed host
- computer outside domain can access resource to inside
- Problem with group mapping and group management
- experimental linux kernel driver for smbd
- Build status as of Wed Jun 21 00:00:01 2006
- Some questions about ./configure and smb.conf options
- LDAP GID<->SID without winbind?
- Printer comments and other weirdness
- samba as a time server (newby question): time not updated
- Stange printer driver problem
- speed trouble ...
- Bug fix needs verification by guru
- smpasswd
- I have no winbind pipe!
- linux_set_kernel_oplock: Refused oplock on file. F_SETLEASEsemantic problem ?
- Problems with Samba 3.0.22 and Fedora Core 5 64 bits(Urgent, please)
- Windows XP and Samba 3.0.22 -- don't mix?