Gssapi Questions

Marcus Watts mdw at umich.edu
Wed Aug 24 12:03:13 EDT 2011


   "Allen McWongahey" <allenmcw at comcast.net> writes:
...
> that it would not bomb out because I'm doing cross compilation. Specifically
> when it checks for "constructor/destructor", "regcomp" and "printf
> positional". Basically I just modified the script to disable the checking of
> these 3 things and the script then ran fine.
...

For autoconf / configure, rather than commenting tests out,
there is a better way.  autoconf looks at internal variables
to see if it's already run a test, and suppresses it with a special
"(cached)" log message when it does so.  You can set those variables
in advance which means:
	you can tell it what answer to use.
	you don't need to touch configure at all.

For instance, GNU parted 3.0 can bomb when it tests
for the existence of linux/ext2_fs.h.  To fix that,
	./configure ac_cv_header_linux_ext2_fs_h=yes

In your case, for MIT kerberos, something like,
	ac_cv_func_regcomp=yes
	krb5_cv_attr_constructor_destructor=yes,no
	ac_cv_printf_positional=no
(You'll need to adjust yes|no to match your configuration.)

If you need a list of the cache variables, configure a scratch copy of
kerberos (say, for your native host), then look at config.cache.
To find out what a particular test wants, look at configure.
If you're really not sure what the answer is, you can
rip the test out of configure, cross-compile it, and run it
by hand.  Note that \$ in conftest.c in configure means $ in
the actual test source (this matters for your ac_cv_printf_positional test!)

...

> 2)      When running configure for OpenSSH it tries to include a header file
> "gssapi_krb5.h" or "gssapi/gssapi_krb5.h" depending on which of two GSSAPI
> compile flags are set. Neither of these exist in the Kerberos distribution.
> The nearest match I can find is "gssapiP_krb5.h" in "src/lib/gssapi/krb5".
> Am I missing something here or is OpenSSH looking in the wrong place?

You're looking in the wrong place, apparently your source or build area.
When kerberos is *installed*, it will make 
	include/gssapi
	include/gssrpc
	include/kadm5
	include/krb5
wherever you told it (configure --prefix etc, as modified by make install DESTDIR=).
Looks to me like you'd tell openssh
	./configure --with-kerberos5=/usr
if you have /usr/include/gssapi/gssapi_krb5.h
It wants to see $KRB5ROOT/bin/krb5-config
so that's a good starting point.
If you're telling mit kerberos to install in some spectacularly non-standard way,
the logic in openssh's configure probably won't work too well.

If you're cross-compiling, you probably *should* be using DESTDIR to put kerberos
out of the way of your running system.  In that case, krb5-config will *definitely*
produce the wrong answer.  For your cross-compile environment, you may want to
do something about that.

				-Marcus Watts
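
An added example, not part of the original post: one way to script the cache-variable approach described above, reading a native-host config.cache and emitting NAME=VALUE arguments for the cross-compile ./configure run. The function names and the sample cache contents are constructed for illustration; an explicit NAME=VALUE on the command line overrides the native answer, and a variable with no answer is reported instead of guessed.

```shell
#!/bin/sh
# Added example, not from the original post. Turns a native-host config.cache
# into NAME=VALUE arguments for a cross-compiling ./configure run.
# (configure only writes config.cache when run with -C / --cache-file.)

# Constructed sample in the format autoconf writes; values are illustrative.
sample_cache() {
    cat <<'EOF'
# This file is a shell script that caches the results of configure
ac_cv_func_regcomp=${ac_cv_func_regcomp=yes}
ac_cv_header_stdlib_h=${ac_cv_header_stdlib_h=yes}
ac_cv_printf_positional=${ac_cv_printf_positional=yes}
krb5_cv_attr_constructor_destructor=${krb5_cv_attr_constructor_destructor=yes,no}
EOF
}

# cache_value NAME: read config.cache on stdin, print the cached value of NAME.
# Values containing spaces are stored in single quotes, which are stripped.
cache_value() {
    sed -n "s/^$1=[\$]{$1=\(.*\)}[[:space:]]*\$/\1/p" | sed "s/^'\(.*\)'\$/\1/"
}

# preseed_args SPEC...: read config.cache on stdin. Each SPEC is either NAME
# (use the native answer) or NAME=VALUE (answer known for the target).
# Prints one line of NAME=VALUE arguments; fails if a NAME has no answer.
preseed_args() {
    cache=$(cat)
    out=
    for spec in "$@"; do
        name=${spec%%=*}
        case $spec in
            *=*) value=${spec#*=} ;;
            *)   value=$(printf '%s\n' "$cache" | cache_value "$name") ;;
        esac
        if [ -z "$value" ]; then
            echo "no answer for $name: cross-compile that test and run it on the target" >&2
            return 1
        fi
        out="$out${out:+ }$name=$value"
    done
    printf '%s\n' "$out"
}

# Demo on the constructed sample: the native host answered "yes" for
# positional printf, but here the target's answer is assumed to be "no".
sample_cache | preseed_args ac_cv_func_regcomp \
    krb5_cv_attr_constructor_destructor ac_cv_printf_positional=no
```

Native answers are only a starting point: any test whose result depends on the target's libc or toolchain should be given as an explicit NAME=VALUE.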


