On Mon, 26 Oct 2009, b. f. wrote: >> Is there a knob somewhere to enable building of the kgssapi_krb5 module? >> > > I don't see any for the module -- Doug Rabson doesn't seem to have > added it to /usr/src/sys/modules/Makefile in r184588: > > http://svn.freebsd.org/viewvc/base?view=revision&revision=184588 > > And I see that it has some implicit dependencies, like INET6, so the > kinks have not been ironed out of this portion of the code. You could > try: > > cd /usr/src/sys/modules/kgssapi_krb5 && make obj && make depend && > make && make install > At this point, both the regular nfs and experimental nfs subsystems only know to use the gssapi stuff if they're built with options KGSSAPI in the kernel config. I've never tried to build it as a module, but I do know it needs: device crypto >> I have just built 8.0-RC2/i386 and decided to have a look at the >> (experimental) NFSv4 stuff. I included options NFSD and NFSCL in my >> kernel configuration. nfsd(8) indicates that gssd(8) has to be running >> in order for the server to provide gss/krb5 access control. If I try >> starting gssd(8) it complains of a missing kgssapi_krb5 kernel module. >> The module hasn't been built. I've checked the GENERIC and NOTES files >> and can't find any reference to kgssapi_krb5. Is there an undocumented >> configuration option for this? >> >> Also, is there a "getting started" or "how to test" page somewhere to >> give us some clues to get this going? > > See the commit message mentioned above. Also, the primary author, > Rick Macklem, has a tutorial: > > http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup > Just fyi, although I can't avoid blame for the NFSD/NFSCL code, I wasn't the author of the Kernel GSSAPI code, just a happy user. Hopefully you'll find the wiki page useful. Feel free to add things to it and/or email me with changes. rickReceived on Mon Oct 26 2009 - 14:24:39 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:57 UTC