headers
Marco Maggi | 8 Mar 2013 11:26
Picon
Favicon
Gravatar

on bootstrapping the repository

Ciao,

  I  have created  a  temporary clone  of  the original  GIT
repository[1],  and I  am pushing  doc fixes  to the  branch
"marcomaggi-doc-typos"[2].  I use  an i686-pc-linux-gnu with
GNU Automake version 1.13 and GNU Autoconf version 2.69.

  Unfortunately  I cannot  bootstrap the  repository: I  get
errors and warning when running autoreconf:

    $ autoreconf --verbose --warnings=all --install
    autoreconf: Entering directory `.'
    autoreconf: running: autopoint
    autopoint: File lib/build-aux/config.rpath has been locally modified.
    autopoint: *** Some files have been locally modified. Not overwriting them because --force has not been
specified. For your convenience, you find the local modifications in the file '/tmp/marco/arLe16gm/gtkSCcyU/autopoint.diff'.
    autopoint: *** Stop.
    autoreconf: autopoint failed with exit status: 1

I also see that the INSTALL file is missing.

  Is there something that can be done about it?

TIA

[1] <https://github.com/marcomaggi/gsasl>
[2] <https://github.com/marcomaggi/gsasl/commits/marcomaggi-doc-typos>
--

-- 
Marco Maggi
(Continue reading)

Permalink | Reply | 2 comments |
headers
Marco Maggi | 7 Mar 2013 23:54
Picon
Favicon
Gravatar

on using GSASL_SCRAM_SALTED_PASSWORD

Ciao,

  I  am  binding  GSASL  to   a  language;  I  am  not  into
cryptography; I would like to  stay out of crypto algorithms
implementation as much as I can.

  For the purpose of including examples in the documentation
I  have written  a  pair  of mock  client  and server  using
SCRAM-SHA-1 and  it seems to  me that they can  correctly do
their   thing  with   the   client   setting  the   property
GSASL_PASSWORD.

  Questions:

* I  am in  a  bit  of trouble  implementing  an example  of
  setting the  property GSASL_SCRAM_SALTED_PASSWORD;  is the
  client application supposed to:

  1.  Retrieve the  property  GSASL_SCRAM_ITER  as a  string
     holding a  number of iterations,  and convert it  to an
     actual number "i".

  2. Retrieve  the property GSASL_SCRAM_SALT as  a string in
     base64 encoding, and decode  it obtaining the vector of
     octets "salt".

  3.  Take  the  password  in  clear  and  prepare  it  with
     SASLprep, obtaining the vector of octets "str".

  4. Compute the  function Hi(str, salt, i)  as explained in
(Continue reading)

Permalink | Reply | 2 comments |
headers
Roman | 12 Jul 2012 15:05
Picon
Favicon

GS2 with GSASL

Hi Simon,

I read RFC-5801 on GS2 and I think this would fit our needs. So I will
update my question to ask more precisely about GS2-features in gsasl 1.8:

quoting rfc5801:

8. GSS-API Parameters

„...Use or non-use of deleg_req_flag and anon_req_flag is an
implementation-specific detail. SASL and GS2 implementors are encouraged
to provide programming interfaces by which clients may choose to
delegate credentials and by which servers may receive them.“

Question: Is this implemented in gsasl 1.8?

Thanks,
Roman

_______________________________________________
Help-gsasl mailing list
Help-gsasl <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gsasl
Permalink | Reply | 2 comments |
headers
Roman | 9 Jul 2012 17:02
Picon
Favicon

kerberizing with GSASL? GSSAPI and GS2-KRB5 key handling features

Hi Simon,

we're planning to kerberize an application and I would really appreciate
your advice on the question if we should implement it with GSASL or
GSS-API or something else.

Given the following szenario:

Client APP (running on Win7, ADS) --> Server-APP running on Linux-Server

Windows client-APP is developed under Linux and compiled on MinGW/Debian
(so gsasl+kfw would fit). Client-server-app is already using GnuTLS and
cert based auth.
The goal is to enhance it to support auth via KRB5 (+ additional
kerberos ticket handling features).

My understanding is, that GSSAPI allows "full" kerberization, while
GSASL is a more generic implementation with focus on authentication that
also implements *some* GSSAPI features. Is this right?

Assuming that, the following questions remains:

1. OpenSSH has a config option to "# Forward (delegate) credentials
(tickets) to the server":
    GSSAPIDelegateCredentials yes
Does the GSASL implementations of the mechanisms GS2-KRB5 and/or GSSAPI
also allow to delegate "forwardable" and "proxiable" tickets in addition
to ticket for the requested service?

2. OpenSSH can be combined with pam-krb5. Do you have a server side
(Continue reading)

Permalink | Reply | 0 comments |
headers
Simon Josefsson | 28 May 2012 20:00
Favicon
Gravatar

GNU SASL 1.8.0 released (new stable branch)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).  The
framework itself and a couple of common SASL mechanisms are implemented.
GNU SASL can be used by network applications for IMAP, SMTP, XMPP and
similar protocols to provide authentication services.  Support for the
more recent SCRAM-SHA-1, OPENID20 and SAML20 mechanisms is included.

* Version 1.8.0 (released 2012-05-28) [stable]

** This is a new major stable release.  Brief changes compared to 1.6.x:

*** SAML20 support following RFC 6595.

*** OPENID20 support following RFC 6616.

*** Added SMTP server examples (for e.g., SCRAM, SAML20, OPENID20).

*** Various cleanups, portability and other bug fixes.
See the NEWS entries during the 1.7.x branch for details.

** The API and ABI is fully backwards compatible with version 1.6.x.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, purchase
support contracts, or donate money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GNU SASL
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dagobert Michelsen | 23 May 2012 17:36
Favicon
Gravatar

Re: [platform-testers] gsasl 1.7.6

Hi Simon,

Am 23.05.2012 um 09:54 schrieb Simon Josefsson:
> Here is another release candidate, I have tested this on at least
> Solaris 10 and Debian/hppa now.
> 
> ftp://alpha.gnu.org/gnu/gsasl/gsasl-1.7.6.tar.gz

This works on Solaris 9 Sparc with Sun Studio 12. Thanks!

Best regards

  -- Dago

--

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
Permalink | Reply | 0 comments |
headers
Stefano Lattarini | 23 May 2012 10:59
Picon

Re: [platform-testers] gsasl 1.7.6

Hi Simon.

On 05/23/2012 09:54 AM, Simon Josefsson wrote:
> Here is another release candidate, I have tested this on at least
> Solaris 10 and Debian/hppa now.
> 
> ftp://alpha.gnu.org/gnu/gsasl/gsasl-1.7.6.tar.gz
> 
> Please send build reports to help-gsasl <at> gnu.org.
> 
> Thanks,
> Simon
> 
The package configured, built and tested correctly on NetBSD 5.1.
Congratulations :-)

Stefano
Permalink | Reply | 1 comment |
headers
Simon Josefsson | 23 May 2012 09:51
Favicon
Gravatar

GNU SASL 1.7.6 released (development version)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).  The
framework itself and a couple of common SASL mechanisms are implemented.
GNU SASL can be used by network applications for IMAP, SMTP, XMPP and
similar protocols to provide authentication services.  Support for the
more recent SCRAM-SHA-1, OPENID20 and SAML20 mechanisms is included.

Note!  This is the fourth release candidate of 1.8.0.  Please test this
release as if it were a new stable release that replaces the earlier
1.4.x and 1.6.x branches.  It should be a drop-in.  I plan to make the
final release later this month.

NEWS entries:

** i18n: Updated translations.

** Build fixes.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, purchase
support contracts, or donate money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GNU SASL
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

The project's web page is available at:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dagobert Michelsen | 22 May 2012 22:04
Favicon
Gravatar

Re: [platform-testers] gsasl 1.7.5

Hi Simon,

Am 22.05.2012 um 21:39 schrieb Simon Josefsson:
> Here is another release candidate, it should fix many of the problems
> reported for the last release.
> 
> ftp://alpha.gnu.org/gnu/gsasl/gsasl-1.7.5.tar.gz
> 
> Please send build reports to help-gsasl <at> gnu.org.

On Solaris 9 Sparc with Sun Studio 12 I now get

>   CCLD   smtp-server
> Undefined                       first referenced
>  symbol                             in file
> getline                             smtp-server.o
> ld: fatal: Symbol referencing errors. No output written to .libs/smtp-server

Best regards

  -- Dago

--

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
Permalink | Reply | 1 comment |
headers
Simon Josefsson | 22 May 2012 14:41
Favicon
Gravatar

GNU SASL 1.7.5 released (development version)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).  The
framework itself and a couple of common SASL mechanisms are implemented.
GNU SASL can be used by network applications for IMAP, SMTP, XMPP and
similar protocols to provide authentication services.  Support for the
more recent SCRAM-SHA-1, OPENID20 and SAML20 mechanisms is included.

Note!  This is the third release candidate of 1.8.0.  Please test this
release as if it were a new stable release that replaces the earlier
1.4.x and 1.6.x branches.  It should be a drop-in.  I plan to make the
final release later this month.

NEWS entries:

** i18n: Updated translations.

** Build fixes.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, purchase
support contracts, or donate money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GNU SASL
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

The project's web page is available at:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Bruno Haible | 18 May 2012 02:54

Re: [platform-testers] gsasl 1.7.4

Simon Josefsson wrote:
> I want to release a new stable version of GNU SASL within a few weeks,
> this is the latest release candidate:
> 
> ftp://alpha.gnu.org/gnu/gsasl/gsasl-1.7.4.tar.gz

* Linux/x86_64
* Linux/ia64
* Linux/mips32
* Linux/powerpc

All tests passed.

-------------------------------------------------------------------------------

* Linux/mips with n32 or 64 ABI

make[2]: Entering directory `/home/haible/multibuild-2082/linuxmipsn32/gsasl-1.7.4/lib/src'
  CCLD   libgsasl.la
/usr/lib/gcc/mipsel-linux-gnu/4.4.6/../../../libgssapi_krb5.so: could not read symbols: File in
wrong format
collect2: ld returned 1 exit status
make[2]: *** [libgsasl.la] Error 1

Apparently a multi-arch problem: libgssapi_krb5 is only installed in 32 ABI.

Similarly:

* Linux/SPARC with 64-bit ABI
(Continue reading)

Permalink | Reply | 4 comments |

Gmane