[00:16:22] --- Russ has left: Disconnected [00:24:11] --- dev-zero@jabber.org has become available [00:39:37] --- dev-zero@jabber.org has left [00:40:14] --- dev-zero@jabber.org has become available [02:01:34] --- Simon Wilkinson has left [02:44:28] --- Jeffrey Altman has become available [02:56:41] Jeff: I know that you are not entirely joking. I like your way of handling such kind of problems ;-) [03:44:45] --- haba has left [04:07:14] --- kaj has left [04:10:56] --- Simon Wilkinson has become available [04:11:27] Theo has a history of just not turning up for talks in the US. [04:15:04] --- shadow@gmail.com/owlA1A71CB3 has left [04:18:14] --- Simon Wilkinson has left [04:45:02] --- haba has become available [04:46:11] Simon, Jeff: Yes, it needs to be outside US. [04:58:19] --- Simon Wilkinson has become available [05:06:16] git over IP over 3G at 200km/h is pressing it a little. [05:07:02] --- haba has left [05:07:32] Especiallly if you're trying to clone the OpenAFS repo [05:08:44] --- Rrrrrred has become available [05:10:14] --- Rrrrrred has left [05:16:17] --- kula has become available [05:18:24] we do accept remote talks [05:18:40] --- Jeffrey Altman has left [05:30:10] --- Simon Wilkinson has left [05:33:25] --- kaj has become available [05:34:17] --- shadow@gmail.com/owlB97AB4FD has become available [06:09:40] --- summatusmentis has become available [07:11:55] --- deason has become available [07:23:59] --- sxw mobile has become available [07:49:27] --- sxw mobile has left [08:17:42] --- asedeno has left [08:17:57] --- asedeno has become available [08:48:05] --- kaj has left [09:04:00] --- sxw mobile has become available [09:04:54] --- sxw mobile has left [09:06:42] --- sxw mobile has become available [09:07:41] --- sxw mobile has left [09:09:17] --- sxw mobile has become available [09:32:36] --- dev-zero@jabber.org has left [10:03:00] --- sxw mobile has left [10:04:40] --- kaj has become available [10:06:13] --- meffie has become available [10:06:54] --- sxw mobile has become available [10:07:48] --- sxw mobile has left [10:10:43] --- abo has left [10:11:39] --- abo has become available [10:19:08] --- sxw mobile has become available [10:25:03] --- dev-zero@jabber.org has become available [10:27:32] --- Russ has become available [11:06:01] --- dev-zero@jabber.org has left [11:09:49] --- Simon Wilkinson has become available [11:10:50] --- Simon Wilkinson has left [11:23:57] --- Simon Wilkinson has become available [11:24:44] Simo Sorce has pointed out that Fedora 12 is shipping with my GSSAPI Key exchange patch. Which means all of the vendors I care about are covered. [11:25:44] which vendors? [11:26:19] Fedora/RH, Apple, Debian. [11:26:42] then one more than me [11:39:27] Solaris also includes it in their sshd, no? [11:39:50] Which means that at this point, I think the only people the OpenSSH folks are hurting are the BSD world and the now-obscure UNIX platforms like AIX and IRIX. [11:40:42] * Russ wonders if FreeBSD or NetBSD include the patch in their ports. [11:41:28] The patch is not in the version in FreeBSD's base system ... let me check if it's in a port. [11:42:08] (I have been debating whether I want to expend the effort to try and get it into the base system.) [11:42:17] --- dev-zero@jabber.org has become available [11:42:42] * Russ would be very amused if we reached a point where the only people shipping an unpatched OpenSSH are OpenBSD. [11:43:04] It would be quite amusing, 'tis true. [11:46:07] The version in the FreeBSD ports tree does pull in openssh-5.0p1-gsskex-20080404.patch as a configurable option. [11:46:42] Which probably means that I will be too lazy to try and get it into base. [11:47:15] (I am resigned to being unable to use krb5 from base, since MIT's Moira now uses MIT-specific bits from krb5.h) [11:47:46] (and if I'm already using an external kerberos, it's not that much bigger of a step to use external ssh) [11:48:59] Huh, MIT-specific Kerberos bits? What sort of thing? [11:49:05] --- phalenor has left: Lost connection [11:50:11] --- abo has left [11:50:25] --- phalenor has become available [11:50:55] --- abo has become available [11:52:37] do you mean "KRB5_PRIVATE" structures and functions? [11:53:07] Quite possibly. My notes appear to be on a machine that I can't access from here. [11:54:42] Things like the krb5_princ_name() macro, if I remember correctly. [11:57:09] that isn't private [11:58:36] --- dev-zero@jabber.org has left [11:58:57] --- dev-zero@jabber.org has become available [11:59:03] I didn't get a chance to look too closely, but I'm pretty sure that was the build error I got. I looked enough to see that it was a macro in MIT krb5 that wasn't present in (my version of) heimdal, and that just copying the macro definition would fail due to (?) differences in the structure. Then I got busy with other things. [11:59:22] --- Simon Wilkinson has left [12:31:29] Oh, yeah, MIT to Heimdal requires a bunch of portability glue. [12:31:57] In most cases because Heimdal has a more sensible API, but it cuts both ways. [12:33:22] The Heimdal equivalent of that function is krb5_principal_get_comp_string(ctx, princ, 1). [12:35:00] * Russ now has a bunch of Autoconf probes and a header file that translates something close to the Heimdal API into the right calls for either implementation, but only for those functions that some piece of software I maintain actually uses. [12:50:15] Ah. In any case, I don't think it's worth trying to convince the MIT Moira development team to make things work better on non-MIT Kerberos. [12:52:06] If you’re willing to write a patch, we have gotten moiradev to accept plenty of patches (including sweeping changes to the build system). [12:52:41] Sure, I've seen them go in. But it would necessarily have to involve a lot of preprocessor goo, no? [12:53:08] (In fact, one of those seeping changes was what broke it) [12:53:39] Er, maybe. [13:00:55] --- dev-zero@jabber.org has left [13:11:16] --- sxw mobile has left [13:35:17] If you write to the MIT API, you need a lot of replacement functions to talk to Heimdal, I think, since you have to take const char * and turn it into krb5_data structs. [13:35:26] If you go the other way around, it's more straightforward. [13:35:52] The MIT API has the dubious advantage of allowing nul characters in principals and passwords, which I'm fairly sure don't work anyway if you tried to really use them. [13:36:03] Otherwise, the Heimdal API is nicer since it just gives you strings. [13:36:13] (This is specifically about all the krb5_princ manipulation functions.) [13:38:45] Hm. Maybe I will talk to broder at some point and see how much work it was. (I am pretty sure that he is the original author for the krb5 moira patches.) [13:59:28] --- Simon Wilkinson has become available [13:59:44] --- Simon Wilkinson has left [14:01:18] --- Simon Wilkinson has become available [14:21:07] --- mdionne has become available [14:36:13] --- dev-zero@jabber.org has become available [14:36:32] --- dev-zero@jabber.org has left [14:36:45] --- dev-zero@jabber.org has become available [14:44:13] --- Kevin Sumner has left [15:10:17] --- dev-zero@jabber.org has left [15:16:01] --- dev-zero@jabber.org has become available [15:55:47] --- deason has left [16:18:43] --- Simon Wilkinson has left [17:02:12] --- deason has become available [18:45:03] --- mdionne has left [20:08:19] --- Rrrrrred has become available [20:17:09] --- Rrrrrred has left [22:01:14] --- Russ has left: Disconnected [22:19:43] --- deason has left [22:35:52] --- reuteras has become available [23:15:55] --- kaj has left