[OpenAFS] gssklog-0.10 - better support for SEAM and SSPI with cross realm

Douglas E. Engert deengert@anl.gov
Tue, 09 Sep 2003 14:36:34 -0500


The gssklog was updated to allow one to use the Sun Solaris SEAM 
gss routines. This required some additional handling of the
GSS mech_types so as to select Kerberos if it was available. 

The gssklog when run on Windows can use the SSPI. When used with
cross realm the SSPI in some situations could not determine the realm
of the server. If this happens, DNS will be queried to 
look for a TXT record of the form _kerberos.<hostname.domain> or
_kerberos.<domain> and pass this to SSPI to use as the realm. 
See: <draft-ietf-cat-krb-dns-locate-02.txt>


The SEAM code has only partial testing, as the systems I had
did not have encryption. There may also be some problems
when used in a mixed environment with enc_types.  


Please treat this as a beta release. I am looking for feedback.
If you compile with -DDEBUG added to the CFLAGS, both the client
and server will write additional information to stderr. 

ftp://achilles.ctd.anl.gov/pub/DEE/README.GSSKLOG
ftp://achilles.ctd.anl.gov/pub/DEE/gssklog-0.10.tar
ftp://achilles.ctd.anl.gov/pub/DEE/gssklog-0.10.run.zip

The last file has the gssklog.exe compiled on W2K using the
OpenAFS-1.2.10 libs, and is ready to run. It will test to 
see if the MIT gssapi32.dll is present, and can use it
or the built-in SSPI routines to contact the gssklog server. 

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
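
An added illustration of the DNS fallback described in the message above (not code from gssklog or from the author): it builds the two query names, `_kerberos.<hostname.domain>` then `_kerberos.<domain>`, and validates the TXT value before it would be handed on as the realm. The resolver is replaced by a constructed in-memory table; `lookup_txt`, `valid_realm`, `realm_from_dns` and the reading of `<domain>` as the hostname minus its first label are assumptions, not taken from the gssklog source.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed TXT records standing in for a real resolver; not real DNS data. */
static const struct { const char *name, *txt; } sample_zone[] = {
    { "_kerberos.afs1.cell.example.org", "CELL.EXAMPLE.ORG" },
    { "_kerberos.example.org",           "EXAMPLE.ORG" },
    { "_kerberos.bad.example.net",       "NOT A REALM!" },
};

/* Hypothetical lookup helper: returns the TXT string for qname, or NULL. */
static const char *lookup_txt(const char *qname) {
    for (size_t i = 0; i < sizeof sample_zone / sizeof sample_zone[0]; i++)
        if (strcasecmp(sample_zone[i].name, qname) == 0) return sample_zone[i].txt;
    return NULL;
}

/* DNS answers are untrusted input: accept only a conservative realm charset. */
static int valid_realm(const char *s) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '-' && *s != '_')
            return 0;
    return 1;
}

/* Try _kerberos.<hostname.domain>, then _kerberos.<domain>; 0 on success, -1 if none. */
int realm_from_dns(const char *host, char *realm, size_t realm_len) {
    const char *dot = strchr(host, '.');
    const char *candidates[2] = { host, (dot && dot[1]) ? dot + 1 : NULL };
    char qname[256];
    for (int i = 0; i < 2; i++) {
        if (candidates[i] == NULL) continue;
        int n = snprintf(qname, sizeof qname, "_kerberos.%s", candidates[i]);
        if (n < 0 || (size_t)n >= sizeof qname) continue;   /* name too long */
        const char *txt = lookup_txt(qname);
        if (txt && valid_realm(txt) && strlen(txt) < realm_len) {
            memcpy(realm, txt, strlen(txt) + 1);
            return 0;
        }
    }
    return -1;
}

int main(void) {
    char realm[64];
    return realm_from_dns("db.example.org", realm, sizeof realm) == 0 ? puts(realm) == EOF : 1;
}
```

A TXT answer is unauthenticated unless the zone is validated, so a caller that cannot rely on that may also want to compare the returned realm against a locally configured list before using it.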