Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
On Mac OS X, Apple wants us to use the GSS.framework to compile against GSSAPI, instead of <gssapi/gssapi.h>. With this change we can choose headers to link against at compile time, without changing our source and header files.
- Loading branch information
1 parent
416d20c
commit d3b83e8
Showing
19 changed files
with
59 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#ifdef OSX_HAS_GSS_FRAMEWORK | ||
#include <GSS/GSS.h> | ||
#else | ||
#include <gssapi/gssapi.h> | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#ifdef OSX_HAS_GSS_FRAMEWORK | ||
#include <GSS/GSS.h> | ||
#else | ||
#ifdef HAS_GSSAPI_EXT_H | ||
#include <gssapi/gssapi_ext.h> | ||
#else | ||
#include <gssapi/gssapi.h> | ||
#endif | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#ifdef OSX_HAS_GSS_FRAMEWORK | ||
#include <GSS/gssapi_krb5.h> | ||
#else | ||
#include <gssapi/gssapi_krb5.h> | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
d3b83e8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sigmaris, do you know how we can enable credential store manipulation in GSS.Framework? I'm getting this error in MacOS:
File "/usr/local/lib/python3.6/site-packages/gssapi/creds.py", line 140, in acquire
raise NotImplementedError("Your GSSAPI implementation does "
NotImplementedError: Your GSSAPI implementation does not have support for manipulating credential stores
d3b83e8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@c4milo The MacOS implementation of GSSAPI doesn't support the credential store extensions, so it's not possible to use them on MacOS. I suggest filing a bug with Apple to request this functionality: https://bugreport.apple.com/
d3b83e8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sigmaris, I haven't been able to find anything on the internet. Have you ever replaced MacOS kerberos implementation with MIT's or Heimdal's? I'm not too concern about security, I just need to smooth out my development workflow.
d3b83e8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or a better question perhaps, how can I recompile python-gssapi, so that it uses Heimdal's or MIT's headers instead?
d3b83e8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't speak to better or worse, and don't have MacOS system to test this on. However, we do support non-default installation prefixes in our setup scripts. This uses the environment variables $GSSAPI_LINKER_ARGS and $GSSAPI_COMPILER_ARGS. (Otherwise we fall back to
-framework GSS
on OSX.) You'll also want the firstkrb5-config
in $PATH to be the one from your custom installation. Finally, $GSSAPI_MAIN_LIB then needs to be set to the path to the .so for libgssapi.We should probably document this in our README.