fedushare / mech_saml_ec

An open source implementation of draft-ietf-kitten-sasl-saml-ec
https://tools.ietf.org/html/draft-ietf-kitten-sasl-saml-ec

Update for current Kerberos versions (>1.10) #10

Closed jbasney closed 9 years ago

jbasney commented 9 years ago

The current mech_saml_ec code was developed/tested against krb5-1.10.3 and it looks like we've got problems with newer Kerberos versions.

One is a compile-time problem:

libtool: link: gcc -g -O2 -o .libs/gss-client gss-client.o gss-misc.o  ../mech_saml_ec/.libs/mech_saml_ec.so -L/usr/lib -L/usr/lib64 -lxml2 -lz -ldl -lcurl -lshibsp -lsaml -lxml-security-c -lxmltooling -lxerces-c -llog4shib -Wl,-rpath -Wl,/usr/local/lib/gss
/usr/bin/ld: gss-client.o: undefined reference to symbol 'gss_str_to_oid@@gssapi_krb5_2_MIT'
/usr/bin/ld: note: 'gss_str_to_oid@@gssapi_krb5_2_MIT' is defined in DSO /lib64/libgssapi_krb5.so.2 so try adding it to the linker command line
/lib64/libgssapi_krb5.so.2: could not read symbols: Invalid operation

Work-around with:

export LIBS="-L/lib64 -lgssapi_krb5"

Also at run-time with gss-sample/gss-server we're getting:

NOTE: Mutual Authentication requested
Looking for Channel Bindings Type in (/home/centos/.gss_saml_ec_cb_type)
Segmentation fault      gss-sample/gss-server

nawatts commented 9 years ago

Without any changes to mech_saml_ec code, I'm able to compile against Kerberos 1.13.2 using the steps in https://github.com/fedushare/mech_saml_dev_environment/blob/master/build.sh.

I can successfully run mech_saml_ec's testserver.sh/testclient.sh and Moonshot SSH works as well.

jbasney commented 9 years ago

Great! Hopefully 0d79d9c43be2ce0976fa548a3fa999113dfe9a7f and 1ff4a902e12ef1317720c36017ee9deb55c6d300 fixed it then. We can re-open the issue if we see it again.