Subject: firefox and negotiate authentication
To: None <pkgsrc-users@netbsd.org>
From: Jukka Salmi <j+nbsd@2006.salmi.ch>
List: pkgsrc-users
Date: 03/14/2006 21:10:04
Hi,

I'm using firefox-1.5.0.1nb1 on a -current NetBSD/i386 system and am
having problems using negotiate authentication when using the GSSAPI
library which ships with the base system:

-1080033280[8064d00]:   service = salmi.ch
-1080033280[8064d00]:   using negotiate-gss
-1080033280[8064d00]: entering nsAuthGSSAPI::nsAuthGSSAPI()
-1080033280[8064d00]: Fail to load gssapi library
-1080033280[8064d00]: entering nsAuthGSSAPI::Init()

However, if I install security/heimdal from pkgsrc - no matter whether
I use the latest version (0.7.2) or the same version the base system
ships with (0.6.3) - it suddenly works:

-1080033280[8064d00]:   service = salmi.ch
-1080033280[8064d00]:   using negotiate-gss
-1080033280[8064d00]: entering nsAuthGSSAPI::nsAuthGSSAPI()
-1080033280[8064d00]: Attempting to load gss functions
-1080033280[8064d00]: entering nsAuthGSSAPI::Init()
-1080033280[8064d00]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
-1080033280[8064d00]: entering nsAuthGSSAPI::GetNextToken()
-1080033280[8064d00]:   leaving nsAuthGSSAPI::GetNextToken [rv=0]
-1080033280[8064d00]:   Sending a token of length 633

That's a fine workaround, but I'd like to make it work with the base
system's libgssapi. Unfortunately I can't find the reason why it fails:

[...]
11207      2 firefox-bin CALL  open(0xb74dc000,0,0xbfbfd958)
11207      2 firefox-bin NAMI  "/usr/lib/libgssapi.so"
11207      2 firefox-bin RET   open 27/0x1b
11207      2 firefox-bin CALL  __fstat30(0x1b,0xbfbfd7e0)
11207      2 firefox-bin RET   __fstat30 0
11207      2 firefox-bin CALL  mmap(0,0x1000,1,1,0x1b,0,0,0)
11207      2 firefox-bin RET   mmap -1155461120/0xbb211000
11207      2 firefox-bin CALL  munmap(0xbb211000,0x1000)
11207      2 firefox-bin RET   munmap 0
11207      2 firefox-bin CALL  mmap(0,0xd000,5,2,0x1b,0,0,0)
11207      2 firefox-bin RET   mmap -1223913472/0xb70c9000
11207      2 firefox-bin CALL  mmap(0xb70d5000,0x1000,3,0x12,0x1b,0,0xc000,0)
11207      2 firefox-bin RET   mmap -1223864320/0xb70d5000
11207      2 firefox-bin CALL  mmap(0xb70d6000,0,3,0x1012,0xffffffff,0,0,0)
11207      2 firefox-bin RET   mmap -1223860224/0xb70d6000
11207      2 firefox-bin CALL  close(0x1b)
11207      2 firefox-bin RET   close 0
11207      2 firefox-bin CALL  munmap(0xb70c9000,0xd000)
11207      2 firefox-bin RET   munmap 0
11207      2 firefox-bin CALL  write(6,0xbfbfd980,0x32)
11207      2 firefox-bin GIO   fd 6 wrote 50 bytes
    "-1080033280[8064d00]: Fail to load gssapi library
    "
11207      2 firefox-bin RET   write 50/0x32
[...]

$ ldd /usr/lib/libgssapi.so.5.0
/usr/lib/libgssapi.so.5.0:

$ ldd /usr/pkg/lib/libgssapi.so.4.0.0
/usr/pkg/lib/libgssapi.so.4.0.0:
	-lcom_err.1 => /usr/pkg/lib/libcom_err.so.1
	-lcrypt.0 => /usr/lib/libcrypt.so.0
	-lcrypto.3 => /usr/lib/libcrypto.so.3
	-lasn1.6 => /usr/pkg/lib/libasn1.so.6
	-lroken.16 => /usr/pkg/lib/libroken.so.16
	-lkrb5.17 => /usr/pkg/lib/libkrb5.so.17


Hints are appreciated.

TIA, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~