From: Chuck Lever <chuck.lever@oracle.com>
To: Trond Myklebust <trondmy@gmail.com>
Cc: Christoph Hellwig <hch@infradead.org>, Jim Rees <rees@umich.edu>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: librpcsecgss: FTBFS on GNU/kFreeBSD
Date: Wed, 4 Dec 2013 13:14:47 -0500 [thread overview]
Message-ID: <09856BCA-A255-4975-8144-D38775DC44A8@oracle.com> (raw)
In-Reply-To: <1021B36D-17B9-477F-A8AE-86D6A7750B80@gmail.com>
On Dec 4, 2013, at 12:53 PM, Trond Myklebust <trondmy@gmail.com> wrote:
>
> On Dec 4, 2013, at 12:14, Chuck Lever <chuck.lever@oracle.com> wrote:
>
>>
>> On Dec 4, 2013, at 8:13 AM, Christoph Hellwig <hch@infradead.org> wrote:
>>
>>> Btw, looks like librpcsecgss is indeed pretty much unmaintained. The
>>> last upstream release is a tarball drop from CITI in 2009 and there
>>> doesn't appear to be a source repository of any kind.
>>>
>>> I think the best idea would be to merge it into the libtirpc repo,
>>> as both the heritage and usage of the codebases is the same.
>>
>> Comparing what's packaged in nfs-utils-lib and what's in libtirpc: it appears libtirpc already has librpcsecgss.
>
> It does? AFAICS a freshly cloned copy of libtirpc only contains the prehistoric krb4/DES implementation. I see no GSS library.
I pulled from:
git://git.infradead.org/~steved/libtirpc.git
Yes, there's AUTH_DES support in libtirpc, and who knows if our implementation works.
But I'm looking at tirpc/rpc/auth_gss.h. Both libraries provide roughly the same API. And I'm able to build a working GSS-enabled version of rpc.fedfsd and clients. "git log" tells me src/auth_gss.c and tirpc/rpc/auth_gss.h have been in libtirpc since at least 0.1.7.
libtirpc applications currently have to link explicitly with libgssapi_krb5 (provided by MIT Kerberos), AFAICT, to get GSS support.
I'd like to add support in libtirpc for dynamically loading libgssapi_krb5 when it is needed. Then applications would need only invoke rpc_gss_*() (or the legacy authgss_*() equivalent) to get RPCSECGSS, if libgssapi_krb5 is already installed on their system.
> I thought the reason why we deprecated librpcsecgss was that the MIT Kerberos libraries now have the equivalent hooks.
My understanding:
MIT Kerberos provides libgssapi_krb5.
libtirpc provides the RPCSEC APIs based on the Kerberos v5 mechanism provided in libgssapi_krb5.
librpcsecgss provides RPCSEC APIs based on the GSSAPI Kerberos v5 mechanism provided in libgssglue, which is deprecated.
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
next prev parent reply other threads:[~2013-12-04 18:15 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090703133142.14887.33854.reportbug@localhost.localdomain>
2013-11-24 5:19 ` librpcsecgss: FTBFS on GNU/kFreeBSD Aníbal Monsalve Salazar
2013-11-24 9:09 ` Christoph Hellwig
2013-11-24 13:07 ` Jim Rees
2013-11-24 13:29 ` Christoph Hellwig
2013-12-04 13:13 ` Christoph Hellwig
2013-12-04 17:14 ` Chuck Lever
2013-12-04 17:53 ` Trond Myklebust
2013-12-04 18:14 ` Chuck Lever [this message]
2013-12-05 13:23 ` Christoph Hellwig
2013-12-05 13:41 ` Trond Myklebust
2013-12-05 13:43 ` Christoph Hellwig
2013-12-05 13:45 ` Trond Myklebust
2013-12-05 16:37 ` Steve Dickson
2013-12-10 6:27 ` NeilBrown
2013-12-05 16:15 ` Jim Rees
2013-12-04 18:24 ` J. Bruce Fields
2013-12-04 18:27 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=09856BCA-A255-4975-8144-D38775DC44A8@oracle.com \
--to=chuck.lever@oracle.com \
--cc=hch@infradead.org \
--cc=linux-nfs@vger.kernel.org \
--cc=rees@umich.edu \
--cc=trondmy@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).