OPenAFS and OpenSSH replacing kafs

Sun Feb 29 11:36:03 EST 2004

On Sat, 28 Feb 2004, Sergio Gelato wrote:
[..]
> An alternative is for the plug-in to be loaded by the Kerberos library.
> This seems to be a straightforward approach on Mac OS X, for example.
> (Not confirmed yet; OpenSSH 3.8p1 apparently needs some patching before
> it will build on OS X. Am looking into it with the help of Steven
> Michaud's earlier work.)
>

I have patches for OS/X to compile.  I'll work on finalizing this because
some of this needs to go upstream (I plan on gutting  the krb5_init_ets()
since it is a private API and is not needed on most systems).  I need to
track down why extactly zlib.h hates being where it is, but this at least
is a workaround.

- Ben

Index: auth-krb5.c
===================================================================
RCS file: /var/cvs/openssh/auth-krb5.c,v
retrieving revision 1.21
diff -u -r1.21 auth-krb5.c

--- auth-krb5.c	22 Nov 2003 01:11:06 -0000	1.21
+++ auth-krb5.c	24 Feb 2004 07:13:56 -0000
@@ -54,7 +54,9 @@
 		problem = krb5_init_context(&authctxt->krb5_ctx);
 		if (problem)
 			return (problem);
+#ifndef __APPLE__ /* XXX OS/X claims to not need this */
 		krb5_init_ets(authctxt->krb5_ctx);
+#endif
 	}
 	return (0);
 }
Index: gss-serv-krb5.c
===================================================================
RCS file: /var/cvs/openssh/gss-serv-krb5.c,v
retrieving revision 1.5
diff -u -r1.5 gss-serv-krb5.c
--- gss-serv-krb5.c	23 Feb 2004 23:37:33 -0000	1.5
+++ gss-serv-krb5.c	24 Feb 2004 07:13:59 -0000
@@ -65,7 +65,9 @@
 		logit("Cannot initialize krb5 context");
 		return 0;
 	}
+#ifndef __APPLE__ /* Apple Claims OS/X does not need it */
 	krb5_init_ets(krb_context);
+#endif

 	return 1;
 }
Index: monitor.c
===================================================================
RCS file: /var/cvs/openssh/monitor.c,v
retrieving revision 1.64
diff -u -r1.64 monitor.c
--- monitor.c	6 Feb 2004 05:40:27 -0000	1.64
+++ monitor.c	24 Feb 2004 07:14:01 -0000
@@ -33,11 +33,12 @@
 #include <skey.h>
 #endif

+#include "zlib.h"
+
 #include "ssh.h"
 #include "auth.h"
 #include "kex.h"
 #include "dh.h"
-#include "zlib.h"
 #include "packet.h"
 #include "auth-options.h"
 #include "sshpty.h"
Index: monitor_wrap.c
===================================================================
RCS file: /var/cvs/openssh/monitor_wrap.c,v
retrieving revision 1.40
diff -u -r1.40 monitor_wrap.c
--- monitor_wrap.c	21 Nov 2003 12:56:47 -0000	1.40
+++ monitor_wrap.c	24 Feb 2004 07:14:02 -0000
@@ -30,6 +30,8 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>

+#include "zlib.h"
+
 #include "ssh.h"
 #include "dh.h"
 #include "kex.h"
@@ -40,7 +42,6 @@
 #include "packet.h"
 #include "mac.h"
 #include "log.h"
-#include "zlib.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 #include "xmalloc.h"


