Bug 4914 - rdesktop uses libgssglue for CredSSP which looks like becoming an obsolete library.
Summary: rdesktop uses libgssglue for CredSSP which looks like becoming an obsolete li...
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: | rdesktop (deprecated) (show other bugs)
Version: 4.1.1
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.9.0
Assignee: Henrik Andersson
URL:
Keywords: ossman_tester, prosaic, upstream
: 5217 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-11-25 11:46 CET by Henrik Andersson
Modified: 2017-10-09 13:56 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Henrik Andersson cendio 2013-11-25 11:46:52 CET 
Fedora 20 did obosolete libgssglue library and patched rdesktop to disable the NLA functionality, we need to reconsider changing the use of libgssglue.

Either we link agains kerberos directly or we migrate the code used for openssh on windows platform which dlopens kerberos if found runtime. That way we could hotplug the kerberos support in rdesktop.
Comment 1 Henrik Andersson cendio 2014-08-18 12:28:10 CEST 
*** Bug 5217 has been marked as a duplicate of this bug. ***
Comment 2 Karl Mikaelsson cendio 2015-12-01 12:43:49 CET 
I can't find any gssglue packages in CentOS7, so I assume it's gone from RHEL7 as well.

> warning: unable to open /etc/gssapi_mech.conf: errno 2 (No such file or directory)
> WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
Comment 3 Pierre Ossman cendio 2017-08-14 12:34:35 CEST 
libgssglue support has been removed upstream:

https://github.com/rdesktop/rdesktop/pull/131

So we need to do something for the next vendor drop.
Comment 4 Samuel Mannehed cendio 2017-09-25 10:37:05 CEST 
gssglue was removed upstream and brought to ThinLinc with vendordrop in r32760. We need to find a way to handle this in ThinLinc.
Comment 5 Samuel Mannehed cendio 2017-09-25 13:56:14 CEST 
We decided after a discussion to add Kerberos runtime libraries as a requirement for ThinLinc. Pierre identified a few problems with linking library statically.
Comment 11 Pierre Ossman cendio 2017-10-09 13:56:10 CEST 
Tested connecting to Windows 2012 R2 and Windows 2016 using Kerberos CredSSP from different distributions, and the state of libgssapi_krb5.so.2 on those distributions:

RHEL 5: OK, libgssapi_krb5.so.2 is not possible to uninstall*
RHEL 6: OK, libgssapi_krb5.so.2 is not possible to uninstall
RHEL 7: OK. libgssapi_krb5.so.2 is not possible to uninstall

SLES 12: OK, libgssapi_krb5.so.2 is not possible to uninstall*

Ubuntu 16.04: OK, libgssapi_krb5.so.2 is not possible to uninstall*

*The system will let you, but you lose basic tools such as yum/zypper, or it's a requirement of openssh server
Note You need to log in before you can comment on or make changes to this bug.