netbsd-users: Re: SASL2 and kerberos

Subject: Re: SASL2 and kerberos
To: Dan Riley <dsr@mail.lns.cornell.edu>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 07/17/2003 14:36:56
Thanks very much, Dan. It looks like my 1.6U i386 sets didn't include 
/usr/include/krb5/krb5-types.h...

$ tar tzvf comp.tgz ./usr/include/krb5/krb5-types.h
tar: ustar vol 1, 8319 files, 61480960 bytes read, 0 bytes written in 11 
secs (5589178 bytes/sec)
tar: WARNING! These patterns were not matched:
./usr/include/krb5/krb5-types.h


... but they are there on a 1.6R machine and on a mac68k 1.6U machine. 
So I grabbed it from the 1.6R machine and all seems well when following 
your instructions.

Now to get sendmail to authenticate smtp traffic using 
sasl->gssapi->krb5! If you happen to have any knowledge of how to do 
this it would be most appreciated; I haven't had any luck yet and this 
doesn't seem to be well documented anywhere.

Thanks again,

Louis




Dan Riley wrote:

> "Louis  Guillaume" <lguillaume@berklee.edu> writes:
> 
>>I'm trying to build then pkgsrc cyrus-sasl2 such that it would be able
>>to authenticate users via the built-in Heimdal kerberos 5 that comes
>>with NetBSD.
>>
>>This is NetBSD-1.6U and a fresh cvs update of pkgsrc as of last
>>night. Here's what I tried...
>>
>># SASL_USE_GSSAPI=YES make install
>>
>>When it gets to "Making all in saslauthd", I see this error, which
>>stops the build...
>>
>>cc -DHAVE_CONFIG_H
>>-DSASLAUTHD_CONF_FILE_DEFAULT=\"/usr/pkg/etc/saslauthd.conf\"
>>-I. -I. -I.. -I./include -I../include  -I/usr/pkg/include
>>-I/usr/local/include -I/usr/include -I/usr/include -I/usr/include
>>-I/usr/include -I/usr/include -I/usr/include  -Wall -W -Wall -O2
>>-I/usr/pkg/include -c
>>auth_krb5.c
>>auth_krb5.c:48: krb5.h: No such file or directory
>>*** Error code 1
> 
> 
> There should have been a -I/usr/include/krb5 in the compile flags,
> courtesy of this line in the Makefile:
> 
> 
> .  if exists(/usr/include/krb5/krb5-types.h)
> CPPFLAGS+=              -I/usr/include/krb5
> .  endif
> 
> which should have taken care of the krb5/krb5.h problem.  Check that
> /usr/include/krb5/krb5-types.h exists--if it does, try a 'make clean'
> and start over (but read the rest of this message first!).
> 
> 
>>...I have a /usr/include/krb5/krb5.h. So I tried "#include
>><krb5/krb5.h>" and the build got a little further until...
>>
>>ld: cannot find -lgssapi_krb5
>>
>>...and I can't find that one either (libgssapi_krb5.a) so  I'm stuck.
>>
>>Is anything missing from my system? Any help would be fantastic.
> 
> 
> configure is failing the test for heimdal, so it is assuming MIT
> kerberos.  It's failing the test for heimdal because the NetBSD
> installation of heimdal uses OpenSSL's libcrypto for the crypto
> primitives, and the sasl configure isn't accounting for that.  Make
> sure you don't have a CPPFLAGS environment variable set, and then try
> 
> make clean
> LIBS=-lcrypto SASL_USE_GSSAPI=YES make
> 
> -dan