64-bit KFW Status

Kevin Koch kpkoch at MIT.EDU
Wed Sep 12 15:08:18 EDT 2007 

Is the 64 bit leash API public or internal only?

If 32 bit and 64 bit MSIs can be built but only one may be installed at a
time, a smart installer that 'does the right thing' must be part of KfW 4.
Please propose how it will work before announcing it as a fait accompli.

If only one NIM can be installed, then I don't understand the bullet about
UprgadeCodes and parallel installs on 32- and 64-bit MSIs.  Why allow
parallel installs?
 
The value of this [what do you propose calling it?] depends a lot on the
extent to which the ccache server 'does not behave well under Vista UAC.'
Can you elaborate on that?

Since Kerberos v4 is removed, this is a KfW 4.0 product.  How does this
coordinate with the eventual replacement of CCAPI with a platform
independent implementation?

Thanks.

Kevin

-----Original Message-----
From: kfwdev-bounces at MIT.EDU [mailto:kfwdev-bounces at MIT.EDU] On Behalf Of
Jeffrey Altman
Sent: Wednesday, September 05, 2007 2:44 PM
To: kfwdev at mit.edu
Subject: 64-bit KFW Status

It is now possible to build KFW for AMD64 using the pismere cvs head and
krb5 svn trunk.

    * CCAPIv2 has been ported to Visual Studio 2005 and AMD64.  It is
      possible to communicate with either the 64-bit or 32-bit ccache
      servers from either ccache library.   The limitations of this port
      are that time_t is still a 32-bit value in the ccache server and
      the implementation is still CCAPIv2 which lacks clock skew
      adjustments, locking, and callback notifications when the
      credential cache contents change.  The ccache server is also per
      session so it does not behave well under Vista UAC.
    * leashw32.dll has been ported to AMD64.  All Kerberos v4 and krb524
      support is disabled in the AMD64 build.  The purpose of the
      leashw64.dll is to provide gss_acquire_cred() the ability to query
      NIM for credentials.
    * kclient and krbv4w32 libraries are not built for AMD64
    * krb524.dll and k524init.exe are not build for AMD64
    * kinit.exe, klist.exe, kdestroy.exe are built without krb4 support.
    * leash32.exe is not built for AMD64
    * The NSIS installer is not built for AMD64
    * The MSI installer is built for AMD64.  It uses a unique
      UpgradeCode to permit parallel installs of 32-bit and 64-bit
      MSIs.  The 64-bit MSI and the 32-bit NSIS cannot be installed on
      the same machine.

Open Issues:

    * 32-bit MSI must be modified to not install kfwlogon.dll in 64-bit
      WOW environments
    * Both the 32-bit and 64-bit NetIDMgr.exe can be installed on the
      same machine.  Only one instance of NIM is permitted.  Need to
      decide which version should be installed by default for automatic
      startup.
    * Must confirm that src/windows/build properly generates
      site-local.wxi for Visual Studio 2005 and AMD64.

Jeffrey Altman

More information about the kfwdev mailing list