Cyrus-SASL 2.1.23 / 2.1.24 and Heimdal 1.4

Remi Ferrand remi.ferrand at cc.in2p3.fr
Mon Oct 4 07:17:00 EDT 2010 

Hye,

I'm trying to compile and install cyrus-sasl 2.1.23 (the 2.1.24rc1 has
the same problem...).

I'm working under Solaris 10 (sparc).

I'm using Heimdal Kerberos 1.4 installed in /opt/heimdal.
I'm using OpenSSL 1.2 FIPS (also tested with 0.9.8n and 1.0.0a).

For the Cyrus-SASL purpose, i'm using this:

CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/cyrus
--with-openssl=/opt/openssl --with-plugindir=/opt/cyrus/lib/sasl2
--enable-gssapi=/opt/heimdal --with-krb5-lib=/opt/heimdal/lib
--with-krb5-include=/opt/heimdal/include --with-krb5-impl=heimdal

make
make install


Compilation succeeds without any more human intervention.

But pluginviewer shows up that GSSAPI mechanism isn't available...

# /opt/cyrus/sbin/plugiviewer

Installed SASL (server side) mechanisms are:
ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5 EXTERNAL
List of server plugins follows
Plugin "anonymous" [loaded], 	API version: 4
	SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
	security flags: NO_PLAINTEXT
	features: WANT_CLIENT_FIRST
Plugin "plain" [loaded], 	API version: 4
	SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
	security flags: NO_ANONYMOUS
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "digestmd5" [loaded], 	API version: 4
	SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
	features: PROXY_AUTHENTICATION
Plugin "crammd5" [loaded], 	API version: 4
	SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
	security flags: NO_ANONYMOUS|NO_PLAINTEXT
	features: SERVER_FIRST
Installed auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , 	API version: 4
	supports store: yes

Installed SASL (client side) mechanisms are:
ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5 EXTERNAL
List of client plugins follows
Plugin "anonymous" [loaded], 	API version: 4
	SASL mechanism: ANONYMOUS, best SSF: 0
	security flags: NO_PLAINTEXT
	features: WANT_CLIENT_FIRST
Plugin "plain" [loaded], 	API version: 4
	SASL mechanism: PLAIN, best SSF: 0
	security flags: NO_ANONYMOUS
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "digestmd5" [loaded], 	API version: 4
	SASL mechanism: DIGEST-MD5, best SSF: 128
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
	features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "crammd5" [loaded], 	API version: 4
	SASL mechanism: CRAM-MD5, best SSF: 0
	security flags: NO_ANONYMOUS|NO_PLAINTEXT
	features: SERVER_FIRST
Plugin "EXTERNAL" [loaded], 	API version: 4
	SASL mechanism: EXTERNAL, best SSF: 0
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION


Something strange happens ... the gssapi plugin is present and linked to
the correct Heimdal libs:

# ldd /opt/cyrus/lib/sasl2/libgssapiv2.so
        libgssapi.so.2 =>        /opt/heimdal/lib/libgssapi.so.2
        libkrb5.so.26 =>         /opt/heimdal/lib/libkrb5.so.26
        libasn1.so.8 =>  /opt/heimdal/lib/libasn1.so.8
        libroken.so.18 =>        /opt/heimdal/lib/libroken.so.18
        libcom_err.so.1 =>       /opt/heimdal/lib/libcom_err.so.1
        libresolv.so.2 =>        /lib/libresolv.so.2
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>   /lib/libnsl.so.1
        libc.so.1 =>     /lib/libc.so.1
        libheimntlm.so.0 =>      /opt/heimdal/lib/libheimntlm.so.0
        libhx509.so.5 =>         /opt/heimdal/lib/libhx509.so.5
        libsqlite3.so.0 =>       /opt/sqlite3/lib/libsqlite3.so.0
        libwind.so.0 =>  /opt/heimdal/lib/libwind.so.0
        libdoor.so.1 =>  /lib/libdoor.so.1
        libmp.so.2 =>    /lib/libmp.so.2
        libmd.so.1 =>    /lib/libmd.so.1
        libscf.so.1 =>   /lib/libscf.so.1
        libuutil.so.1 =>         /lib/libuutil.so.1
        libgen.so.1 =>   /lib/libgen.so.1
        libm.so.2 =>     /lib/libm.so.2
        /platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
        /platform/SUNW,Sun-Fire-V240/lib/libmd_psr.so.1

A truss on the pluginviewer process reveals that libkrb5 and libgssapi
from heimdal libs are correctly found and everything seems okay from
this point of view.

Everything seems okay but pluginviewer doesn't consider GSSAPI has an
available SASL mechanism. It means that GSSAPI plugin can't be loaded,
isn't it ?

Anybody has already encounter this strange behavior ?

Thanks

R.


-- 

Remi Ferrand             | Institut National de Physique Nucleaire
Tel. +33(0)4.78.93.08.80 |     et de Physique des Particules
Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4055 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20101004/5897c1dd/attachment.bin

More information about the Cyrus-sasl mailing list