[cvsnt] Re: gserver_protocol_mit.dll missing in Windows CVSNT-2.0.56
Douglas E. Engert
deengert at anl.gov
Fri Sep 24 22:46:20 BST 2004
Tony Hoyle wrote:
> Douglas E. Engert wrote:
>
>> The cvsnt-2.0.56.exe for Windows released today(?) does not contain the
>> gserver_protocol_mit.dll or any install options to have it included.
>>
>> Previous versions did, although it did require moving the dll
>> and editing the gserver_protocol.ini. The gserver_protocol.ini file
>> is still present.
>>
>> Was this an error or is this feature being dropped?
>>
>> Or is it that the WinCvs contains a recompiled version of CVSNT?
>>
>> We where just getting started using this with the MIT Kerberos for
>> Windows and WinCvs-1.3.20. I don't want to have to resort to using the
>> gserver_protocol.dll based on the SSPI if possible.
>
>
> It was very little used, and since Active Directory contains a
> reasonable kerberos implementation anyway, it's been dropped. If you
> have a KDC running it's trivial to get the windows machine to connect to
> it (you're probably doing it already, so the active directory gserver
> will work out of the box).
Almost. If the users and severs are in different realms, the MS
kerberos has troubles determining the realm of the server if the
server is in a non AD realm. There is a way around this, as the
MS InitializeSecurityContext can take service/host at realm
as the service principal name. The trick it to get this
passed in.
ALso wth the KfW you don't need login to the
machine with AD, you can run leash seperatly.
>
> MIT kerberos has had a number of security problems recently and tracking
> new versions is nontrivial (it's hard to get - I have to spoof my IP via
> a proxy in the US just to download it, then the win32 compile needs
> fixes to work) it's really not worth the effort.
>
Sorry about that. Maybe there is a way around this, as the gssapi
is an IETF standard, and you really don't need the krb5 libs
to build the DLL, if you use something like
gssapi_handle = LoadLibrary("gssapi32.dll"); all you need is
a gssapi stub.
> The source is still maintained as it forms the basis for the Unix
> versions. If you want to continue using it then it can be compiled
> easily enough.
Well I actually got it to compile. I have VS .net and after adding the
include and lib directories to the KfW SDK, it compiled, and it works!
But I was hopping that since you have, you would keep it up, so WinCvs
would have it by default.
Thanks for the quick response.
>
> Tony
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the cvsnt
mailing list