Cyrus-SASL 2.1.23 / 2.1.24 and Heimdal 1.4
Remi Ferrand
remi.ferrand at cc.in2p3.fr
Mon Oct 4 07:17:00 EDT 2010
Hye,
I'm trying to compile and install cyrus-sasl 2.1.23 (the 2.1.24rc1 has
the same problem...).
I'm working under Solaris 10 (sparc).
I'm using Heimdal Kerberos 1.4 installed in /opt/heimdal.
I'm using OpenSSL 1.2 FIPS (also tested with 0.9.8n and 1.0.0a).
For the Cyrus-SASL purpose, i'm using this:
CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/cyrus
--with-openssl=/opt/openssl --with-plugindir=/opt/cyrus/lib/sasl2
--enable-gssapi=/opt/heimdal --with-krb5-lib=/opt/heimdal/lib
--with-krb5-include=/opt/heimdal/include --with-krb5-impl=heimdal
make
make install
Compilation succeeds without any more human intervention.
But pluginviewer shows up that GSSAPI mechanism isn't available...
# /opt/cyrus/sbin/plugiviewer
Installed SASL (server side) mechanisms are:
ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5 EXTERNAL
List of server plugins follows
Plugin "anonymous" [loaded], API version: 4
SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
security flags: NO_PLAINTEXT
features: WANT_CLIENT_FIRST
Plugin "plain" [loaded], API version: 4
SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "digestmd5" [loaded], API version: 4
SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
features: PROXY_AUTHENTICATION
Plugin "crammd5" [loaded], API version: 4
SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS|NO_PLAINTEXT
features: SERVER_FIRST
Installed auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 4
supports store: yes
Installed SASL (client side) mechanisms are:
ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5 EXTERNAL
List of client plugins follows
Plugin "anonymous" [loaded], API version: 4
SASL mechanism: ANONYMOUS, best SSF: 0
security flags: NO_PLAINTEXT
features: WANT_CLIENT_FIRST
Plugin "plain" [loaded], API version: 4
SASL mechanism: PLAIN, best SSF: 0
security flags: NO_ANONYMOUS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "digestmd5" [loaded], API version: 4
SASL mechanism: DIGEST-MD5, best SSF: 128
security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "crammd5" [loaded], API version: 4
SASL mechanism: CRAM-MD5, best SSF: 0
security flags: NO_ANONYMOUS|NO_PLAINTEXT
features: SERVER_FIRST
Plugin "EXTERNAL" [loaded], API version: 4
SASL mechanism: EXTERNAL, best SSF: 0
security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Something strange happens ... the gssapi plugin is present and linked to
the correct Heimdal libs:
# ldd /opt/cyrus/lib/sasl2/libgssapiv2.so
libgssapi.so.2 => /opt/heimdal/lib/libgssapi.so.2
libkrb5.so.26 => /opt/heimdal/lib/libkrb5.so.26
libasn1.so.8 => /opt/heimdal/lib/libasn1.so.8
libroken.so.18 => /opt/heimdal/lib/libroken.so.18
libcom_err.so.1 => /opt/heimdal/lib/libcom_err.so.1
libresolv.so.2 => /lib/libresolv.so.2
libsocket.so.1 => /lib/libsocket.so.1
libnsl.so.1 => /lib/libnsl.so.1
libc.so.1 => /lib/libc.so.1
libheimntlm.so.0 => /opt/heimdal/lib/libheimntlm.so.0
libhx509.so.5 => /opt/heimdal/lib/libhx509.so.5
libsqlite3.so.0 => /opt/sqlite3/lib/libsqlite3.so.0
libwind.so.0 => /opt/heimdal/lib/libwind.so.0
libdoor.so.1 => /lib/libdoor.so.1
libmp.so.2 => /lib/libmp.so.2
libmd.so.1 => /lib/libmd.so.1
libscf.so.1 => /lib/libscf.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /lib/libgen.so.1
libm.so.2 => /lib/libm.so.2
/platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V240/lib/libmd_psr.so.1
A truss on the pluginviewer process reveals that libkrb5 and libgssapi
from heimdal libs are correctly found and everything seems okay from
this point of view.
Everything seems okay but pluginviewer doesn't consider GSSAPI has an
available SASL mechanism. It means that GSSAPI plugin can't be loaded,
isn't it ?
Anybody has already encounter this strange behavior ?
Thanks
R.
--
Remi Ferrand | Institut National de Physique Nucleaire
Tel. +33(0)4.78.93.08.80 | et de Physique des Particules
Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4055 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20101004/5897c1dd/attachment.bin
More information about the Cyrus-sasl
mailing list