Previous: , Up: Downloading and Installing   [Contents][Index]


1.8.2 Kerberos on Windows

Building GNU SASL with support for Kerberos via GSS-API on Windows is straight forward if you use GNU GSS and GNU Shishi as the Kerberos implementation.

If you are using MIT Kerberos for Windows (KfW), getting GNU SASL to build with Kerberos support is not straightforward because KfW does not follow the GNU coding style and it has bugs that needs to be worked around. We provide instructions for this environment as well, in the hope that it will be useful for GNU SASL users.

Our instructions assumes you are building the software on a dpkg-based GNU/Linux systems (e.g., gNewSense) using the MinGW cross-compiler suite. These instructions were compiled for KfW version 3.2.2 which were the latest as of 2010-09-25.

We assume that you have installed a normal build environment including the MinGW cross-compiler. Download and unpack the KfW SDK like this:

$ mkdir ~/kfw
$ cd ~/kfw
$ wget -q http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2-sdk.zip
$ unzip kfw-3-2-2-sdk.zip

Fix a bug in the "win-mac.h" header inside KfW by replacing #include <sys\foo.h> with #include <sys/foo.h>:

perl -pi -e 's,sys\\,sys/,' ~/kfw/kfw-3-2-2-final/inc/krb5/win-mac.h

Unpack your copy of GNU SASL:

$ wget -q ftp://alpha.gnu.org/gnu/gsasl/gsasl-2.2.1.tar.gz
$ tar xfz gsasl-2.2.1.tar.gz
$ cd gsasl-2.2.1

Configure GNU SASL like this:

$ lt_cv_deplibs_check_method=pass_all ./configure --host=i586-mingw32msvc --build=i686-pc-linux-gnu --with-gssapi-impl=kfw LDFLAGS="-L$HOME/kfw/kfw-3-2-2-final/lib/i386" CPPFLAGS="-I$HOME/kfw/kfw-3-2-2-final/inc/krb5 -DSSIZE_T_DEFINED"

The ’lt_cv_deplibs_check_method=pass_all’ setting is required because the KfW SDK does not ship with Libtool *.la files and is using non-standard DLL names. The -DSSIZE_T_DEFINED is necessary because the win-mac.h file would provide an incorrect duplicate definitions of ssize_t otherwise. By passing --with-gssapi-impl=kfw you activate other bug workarounds, such as providing a GSS_C_NT_HOSTBASED_SERVICE symbol.

Build the software using:

$ make

If you have Wine installed and your kernel is able to invoke it automatically for Windows programs, you can run the self tests. This is recommended to make sure the build is sane.

$ make check

You may get error messages about missing DLLs, like this error:

err:module:import_dll Library gssapi32.dll (which is needed by L"Z:\\home\\jas\\src\\gsasl-1.5.2\\lib\\src\\.libs\\libgsasl-7.dll") not found

If that happens, you need to make sure that Wine can find the appropriate DLL. The simplest solution is to copy the necessary DLLs to ~/.wine/drive_c/windows/system32/.

You may now copy the following files onto the Windows machine (e.g., through a USB memory device):

lib/src/.libs/libgsasl-7.dll
src/.libs/gsasl.exe

The remaining steps are done on the Windows XP machine. Install KfW and configure it for your realm. To make sure KfW is working properly, acquire a user ticket and then remove it. For testing purposes, you may use the realm ’interop.josefsson.org’ with KDC ’interop.josefsson.org’ and username ’user’ and password ’pass’.

Change to the directory where you placed the files above, and invoke a command like this:

gsasl.exe -d interop.josefsson.org

KfW should query you for a password, and the tool should negotiate authentication against the server using GS2-KRB5.


Previous: Installing under Windows, Up: Downloading and Installing   [Contents][Index]