site_archiver@lists.apple.com Delivered-To: macnetworkprog@lists.apple.com This is 10.5.6 (9G55). I'm hoping someone can shed some light on this? This is the expected behavior - working correctly on i386: % gcc test.c -o test -g -lgssapi_krb5 -arch i386 % file test test: Mach-O executable i386 % ./test Beginning authentication for http @ HOST.DOMAIN.COM Received auth token of length 2571 test.c: #include <stdio.h> #include <stdlib.h> #include <string.h> #include <gssapi.h> #include <krb5.h> int main(int argc, char **argv) { char *target = "http @ HOST.DOMAIN.COM"; char *output = NULL; int outputlen = 0; gss_OID mechanism_oid = &auth_oid_negotiate; gss_ctx_id_t gsscontext = NULL; OM_uint32 statusMajor, statusMinor; gss_buffer_desc target_buffer = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER; gss_name_t server; printf("Beginning authentication for %s\n", target); target_buffer.value = (target != NULL) ? (void *) target : ""; target_buffer.length = (target != NULL) ? strlen(target) + 1 : 0; statusMajor = gss_init_sec_context( &statusMinor, GSS_C_NO_CREDENTIAL, &gsscontext, server, mechanism_oid, GSS_C_DELEG_FLAG | GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, input_token_ptr, NULL, &output_token, NULL, NULL); printf("Received auth token of length %d\n", output_token.length); return; } Sincerely, Edward Thomson <ethomson@teamprise.com> Teamprise _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macnetworkprog/site_archiver%40lists.... I'm having difficulties using GSSAPI on x86_64. When I build a simple program using GSSAPI to do SPNEGO, it crashes on the x86_64 architecture. (It works fine on Mac OS for both x86 and ppc architectures, as well as the non-Mac architectures we support.) Sample code is included below. (Note that principal names have spaces added to hopefully avoid email address mangling. If that fails, they are http at HOST.) This is the behavior on x86_64: % gcc test.c -o test -g -lgssapi_krb5 -arch x86_64 % file test test: Mach-O 64-bit executable x86_64 % ./test Beginning authentication for http @ HOST.DOMAIN.COM 2009-03-24 09:28:55.428 test[594:10b] *** NSInvocation: warning: object 0x100079040 of class 'ReplicaFile' does not implement methodSignatureForSelector: -- trouble ahead 2009-03-24 09:28:55.429 test[594:10b] *** NSInvocation: warning: object 0x100079040 of class 'ReplicaFile' does not implement doesNotRecognizeSelector: -- abort Trace/BPT trap Stack trace: Program received signal SIGTRAP, Trace/breakpoint trap. 0x00007fff804e4c15 in ___forwarding___ () (gdb) bt #0 0x00007fff804e4c15 in ___forwarding___ () #1 0x00007fff804e4dd8 in __forwarding_prep_0___ () #2 0x0000000100019e81 in apply_ldap_hints () #3 0x000000010001a53d in get_real_ip_for_loopback () #4 0x00007fff83472b65 in krb5int_locate_server () #5 0x00007fff83474545 in krb5_sendto_kdc () #6 0x00007fff8346aa11 in krb5_send_tgs () #7 0x00007fff8345ba46 in krb5_get_cred_via_tkt () #8 0x00007fff8345a71e in krb5_fwd_tgt_creds () #9 0x00007fff8347b5a9 in make_gss_checksum () #10 0x00007fff83461f65 in krb5_mk_req_extended () #11 0x00007fff834168da in krb5_gss_init_sec_context () #12 0x00007fff83415f67 in gss_init_sec_context () #13 0x00007fff834881bb in spnego_gss_init_sec_context () #14 0x00007fff83415f67 in gss_init_sec_context () #15 0x0000000100000e32 in main (argc=1, argv=0x7fff5fbff470) at test.c: 37 static gss_OID_desc auth_oid_negotiate = { 6, (void *) "\x2b \x06\x01\x05\x05\x02" }; statusMajor = gss_import_name(&statusMinor, &target_buffer, GSS_C_NT_HOSTBASED_SERVICE, &server); if (GSS_ERROR(statusMajor)) { fprintf(stderr, "could not locate principal: %x.%x (%s)", statusMajor, statusMinor, error_message(statusMinor)); return; } if (GSS_ERROR(statusMajor)) { fprintf(stderr, "negotiate failure: %x.%x (%s)\n", statusMajor, statusMinor, error_message(statusMinor)); return; } Please let me know if I can provide more information. Thanks for your time. This email sent to site_archiver@lists.apple.com