Building GNU SASL with support for Kerberos via GSS-API on Windows is straight forward if you use GNU GSS and GNU Shishi as the Kerberos implementation.
If you are using MIT Kerberos for Windows (KfW), getting GNU SASL to build with Kerberos support is not straightforward because KfW does not follow the GNU coding style and it has bugs that needs to be worked around. We provide instructions for this environment as well, in the hope that it will be useful for GNU SASL users.
Our instructions assumes you are building the software on a dpkg-based GNU/Linux systems (e.g., gNewSense) using the MinGW cross-compiler suite. These instructions were compiled for KfW version 3.2.2 which were the latest as of 2010-09-25.
We assume that you have installed a normal build environment including the MinGW cross-compiler. Download and unpack the KfW SDK like this:
$ mkdir ~/kfw $ cd ~/kfw $ wget -q http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2-sdk.zip $ unzip kfw-3-2-2-sdk.zip
Fix a bug in the "win-mac.h" header inside KfW by replacing
#include <sys\foo.h> with
perl -pi -e 's,sys\\,sys/,' ~/kfw/kfw-3-2-2-final/inc/krb5/win-mac.h
Unpack your copy of GNU SASL:
$ wget -q ftp://alpha.gnu.org/gnu/gsasl/gsasl-2.2.0.tar.gz $ tar xfz gsasl-2.2.0.tar.gz $ cd gsasl-2.2.0
Configure GNU SASL like this:
$ lt_cv_deplibs_check_method=pass_all ./configure --host=i586-mingw32msvc --build=i686-pc-linux-gnu --with-gssapi-impl=kfw LDFLAGS="-L$HOME/kfw/kfw-3-2-2-final/lib/i386" CPPFLAGS="-I$HOME/kfw/kfw-3-2-2-final/inc/krb5 -DSSIZE_T_DEFINED"
The ’lt_cv_deplibs_check_method=pass_all’ setting is required because
the KfW SDK does not ship with Libtool
*.la files and is using
non-standard DLL names. The
-DSSIZE_T_DEFINED is necessary
win-mac.h file would provide an incorrect duplicate
ssize_t otherwise. By passing
--with-gssapi-impl=kfw you activate other bug workarounds, such
as providing a
Build the software using:
If you have Wine installed and your kernel is able to invoke it automatically for Windows programs, you can run the self tests. This is recommended to make sure the build is sane.
$ make check
You may get error messages about missing DLLs, like this error:
err:module:import_dll Library gssapi32.dll (which is needed by L"Z:\\home\\jas\\src\\gsasl-1.5.2\\lib\\src\\.libs\\libgsasl-7.dll") not found
If that happens, you need to make sure that Wine can find the
appropriate DLL. The simplest solution is to copy the necessary DLLs
You may now copy the following files onto the Windows machine (e.g., through a USB memory device):
The remaining steps are done on the Windows XP machine. Install KfW and configure it for your realm. To make sure KfW is working properly, acquire a user ticket and then remove it. For testing purposes, you may use the realm ’interop.josefsson.org’ with KDC ’interop.josefsson.org’ and username ’user’ and password ’pass’.
Change to the directory where you placed the files above, and invoke a command like this:
gsasl.exe -d interop.josefsson.org
KfW should query you for a password, and the tool should negotiate authentication against the server using GS2-KRB5.