[cvsnt] Re: gserver_protocol_mit.dll missing in Windows CVSNT-2.0.56

Douglas E. Engert deengert at anl.gov
Mon Sep 27 16:23:30 BST 2004

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Tony Hoyle wrote:

> Douglas E. Engert wrote:
> 
>> Almost. If the users and severs are in different realms, the MS
>> kerberos has troubles determining the realm of the server if the
>> server is in a non AD realm.  There is a way around this, as the
>> MS InitializeSecurityContext can take service/host at realm
>> as the service principal name. The trick it to get this
>> passed in.
> 
> 
> I'm open to ideas - didn't know about that functionality actually.  I 
> could add a realm parameter to gserver.

Yes that might work. The SecureCRT people with thier SSH client
can use gssapi or sspi, and can do something like this with using
sspi. where they can pass in host@<hostname>@<realmname> as
the principal.

I was going to try this too, trying to use the  gserver_protocol.vcproj
but it looks like I also needs the OpenSSL. Wil have to look at this
later.

If you do add the parameter, I can test it.

> 
>> Sorry about that. Maybe there is a way around this, as the gssapi
>> is an IETF standard, and you really don't need the krb5 libs
>> to build the DLL, if you use  something like
>> gssapi_handle = LoadLibrary("gssapi32.dll"); all you need is
>> a gssapi stub.
> 
> 
> You need krb5 to get the username from the gssapi connection 
> (krb5_parse_name / krb5_aname_to_username).
> 

I was thinking client side only which does not need this call.


> The standard MIT win32 build (at least the one I downloaded last time) 
> forgets to export krb5_aname_to_username and I have to add it & rebuild 
> manually, which is a pain.  Might be fixed now but it meant I had to 
> ship compiled DLLs as the standard ones wouldn't work.
> 
> Tony
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook