(Illustration by Gaich Muramatsu)
Hello! I have done this although without MIT_Kerberos. There is problem when linking to it - resulting code depends on cygwin1.dll and msvcrt.dll - which is wrong according to cygwin faq. So I start playing with heimdal kerberos. It is compiled under cygwin wery well (in contrast to MIT - which is not), but there are problems linking coda source with it. First of all configure script consider heimdal libraries as not working (although I have set path to them), so this requires editing of Makefile in coda-src/auth2 directory. Second - some of heimdal internal structures are different from MIT ones (although API itself looks almost the same), so I make a little patch to fix these problems in krb5.c file. As a result I've got a working clog (this is the only kerberos-enabled executable which I need). I've not used heimdal before but I like this thing. It is fully compatible with MIT (heimdal clients authenticate without problems on MIT kdc) and it is built with readline support (readline-less ftp from MIT drives me crazy). I ve not yet tried modular clog as Ivan suggested, but I think it will require patching too to make it work with heimdal. Also I had a hard time making "net start venus" work. It is working now but I am not sure why it was failing before. May be it was connected with unconfigured cygwinserver? Now the patches: krb5.c: ---------------------Patch starts here --------------------------- 242,247c242 < #ifdef __KRB5_H__ < HashSecret(session_key->keyvalue.data, session_key->keyvalue.length, *sec ret); < #endif < #ifdef KRB5_GENERAL__ < HashSecret(session_key->contents,session_key->length, *secret); < #endif --- > HashSecret(session_key->contents, session_key->length, *secret); 295,297c290,291 < #ifdef __KRB5_H__ < if (strncmp(ticket->client->realm, kerberos5realm, < strlen(ticket->client->realm))) { --- > if (strncmp(ticket->enc_part2->client->realm.data, kerberos5realm, > ticket->enc_part2->client->realm.length)) { 302,309c296 < krc=krb5_unparse_name(krb5context, ticket->client, &cp); < #endif < #ifdef KRB5_GENERAL__ < if (strncmp(ticket->enc_part2->client->realm.data,kerberos5realm, < ticket->enc_part2->client->realm.length)) { < fprintf(stderr,"incorrect realm in ticket\n"); < goto out; < } --- > 312d298 < #endif 335,340d320 < #ifdef __KRB5_H__ < HashSecret(ticket->ticket.key.keyvalue.data, < ticket->ticket.key.keyvalue.length, < hKey); < #endif < #ifdef KRB5_GENERAL__ 344c324 < #endif --- > ----------------------------Patch ends here------------------------------ coda-src/auth2/Makefile for cygwin: ----------------------------Makefile------------------------------------- TOPDIR = ../.. srcdir = . TOPOBJ = /home/Administrator/coda-6.0.6 include $(TOPDIR)/Makeconf #CFLAGS += -DCODAAUTH CFLAGS += -DHAVE_KRB5 AUTHCOMMON := acommon.o LIBKRBS= ifneq ($(LIBKRB4),) AUTHCOMMON += krb4.o LIBKRBS += $(LIBKRB4) endif LIBCRYPTO=-lkrb5 -lcom_err -lroken -lasn1 -ldes ifneq ($(LIBKRB5),) AUTHCOMMON += krb5.o LIBKRBS += $(LIBKRB5) endif LIBKRBS=/usr/lib/libkrb5.a /usr/lib/libcom_err.a AUTHCOMMON += krbcommon.o ifneq ($(LIBKRB4)$(LIBKRB5),) AUTHCOMMON += krbcommon.o endif LIBAUTH2OBJS=auth2.server.o avice.o pwsupport.o $(AUTHCOMMON) LIBAUSEROBJS=auth2.client.o auser.o avenus.o $(AUTHCOMMON) CBINS = clog cpasswd ctokens cunlog CSBINS = au SBINS = SSBINS = au auth2 initpw EXECUTABLES = $(CBINS) $(CSBINS) $(SBINS) $(SSBINS) tokentool # # only build clog on win9x # ifeq ($(SHORTSYS),djgpp) EXECUTABLES = clog endif RP2HEADERS = auth2.h DEPLIBS = $(LIBUTIL) $(LIBKERNDEP) $(LIBBASE) LIBS := $(LIBRPC2) $(LIBLWP) $(LIBCRYPTO) $(LIBS) LIBRARIES = libauth2.a libauser.a HEADERS = avenus.h avice.h OBJS = auth2.client.o auth2.server.o auth2.multi.o au.o auser.o avenus.o avice.o initpw.o krb5.o krbcommon.o include $(TOPDIR)/configs/Makerules libauth2.a: $(LIBAUTH2OBJS) libauser.a: $(LIBAUSEROBJS) auth2: auth2.o krb5.o krbcommon.o libauth2.a $(LIBAL) $(LIBRWCDB) $(DEPLIBS) ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ au: au.o libauser.a krb5.o krbcommon.o $(DEPLIBS) ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ clog: clog.o krb5.o krbcommon.o libauser.a tokenfile.o ${LIBCRYPTO} ${LIBKRBS} ${DEPLIBS} ${CC} $(LDFLAGS) $^ ${LIBS} -o $@ cpasswd: cpasswd.o krb5.o libauser.a ${DEPLIBS} ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ initpw: initpw.o $(DEPLIBS) ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ cunlog: cunlog.o libauser.a ${DEPLIBS} ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ ctokens: ctokens.o libauser.a ${DEPLIBS} ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ tokentool: tokentool.o tokenfile.o ${DEPLIBS} ${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ ------------------------------------Makefile------------------------------------------Received on 2005-03-16 13:37:14