Older blog entries for jas (starting at number 23)

GS2-KRB5 using GNU SASL and MIT Kerberos for Windows

I have blogged about GNU SASL and GS2-KRB5 with the native Kerberos on Mac OS X before, so the next logical step has been to support GS2-KRB5 on Windows through MIT Kerberos for Windows (KfW). With the latest release of GNU SASL 1.5.2 I have added support for the KfW GSS-API library. There were several issues in completing this due to problems with KfW, but I won’t bore you with those details.

What is important is to demonstrate how GNU SASL can now talk IMAP authenticated with GS2-KRB5 using KfW on native Windows. Below are two screenshots. The first shows how the MIT Network Identity Manager is invoked automatically to get a ticket. The next screenshot is showing the completed GS2-KRB5 login.

I have prepared GNU SASL with KfW binaries. The manual contains a new section about Kerberos on Windows with details how to build it. The build makefile is available too, if you want to build your own.

Syndicated 2010-09-27 12:14:58 from Simon Josefsson's blog

Bridging SASL and GSS-API: GS2

Yesterday (12th July 2010) the RFC editor announced the publication of RFC 5801, which I’m co-author of. The GS2 document has taken 5 years to reach this status, see my page on GS2 status.

So what is GS2? Briefly explained, it is a method that turns every GSS-API mechanism (with some caveats) into a SASL mechanism automatically. The document describes a way to transform GSS-API mechanism OIDs (e.g., 1.2.840.113554.1.2.2) into SASL mechanism names (e.g., GS2-QLJHGJLWNPL) which takes care of uniquely identifying each mechanism in each framework. The content of each SASL message is exactly the same as the GSS-API context tokens, except (no rules without exceptions..) for the first message from the client to the server. The first message is modified to include a short prefix — called the “GS2 header” — before the first GSS-API context token. The shortest GS2 header is “n,,” which denotes that no channel binding is supported and no authorization identity is present. The GSS-API context token is modified to remove the ASN.1 blob that RFC 2743 section 3.1 requires to be present.

One important aspect of the GS2 design is that we make it easy for SASL mechanisms to become GSS-API mechanisms. To align a SASL mechanism to the GS2 framework, and thus to make it a GSS-API mechanism, a few steps are required. First, you need to assign an OID for the mechanism (if you don’t know how to do this, just contact me and I’ll assign an OID for you). Then you need to make sure the first message is compatible with GS2 in that it uses the GS2 header to signal channel binding and authorization identity. Finally, you need some discussion about what it means for your SASL mechanism to be used as a GSS-API mechanism. This may include discussions on naming types, meaning and use of GSS-API flags, whether delegated credentials are supported, how per-message tokens work.

The primary example SASL mechanism to make use of the GS2 design to become a GSS-API mechanism is SCRAM: also published yesterday as RFC 5802. SCRAM is an updated variant of the CRAM-MD5 and DIGEST-MD5 mechanisms (for example, it uses SHA-1 instead of MD5). Another recent example is the OpenID SASL mechanism.

My project GNU SASL supports both GS2 and SCRAM, see my earlier post on testing GS2-KRB5. I am not aware of any other project that implements GS2 yet, that is why my implementation is still marked as experimental.

Syndicated 2010-07-13 13:58:33 from Simon Josefsson's blog

OpenWRT 10.03 “Backfire”

Earlier I have written about OpenWRT configuration for two routers in a home network and OpenWRT configuration for 3G dial-up (which succeeded my summerhouse OpenWRT writeup) before. The OpenWRT project recently announced a new release, OpenWRT 10.03 Backfire. Thus, this appeared like a good opportunity to wipe out the old configurations on my routers and rewrite the articles using the latest software. I have two articles:

Syndicated 2010-05-03 10:08:15 from Simon Josefsson's blog

GS2-KRB5 in GNU SASL 1.5.0

I have worked in the IETF on the specification for the next generation GSSAPI-to-SASL bridge called GS2 (see my status page for background) for a couple of years now. The specification is (finally!) in the RFC editor’s queue, and is supposed to be stable and final although we are still tuning some details. The next step is to implement the protocol and do interop testing. A couple of months of implementation and testing work culminated in tonight’s release of GNU SASL 1.5.0 (see announcement here). Or should I say that the work can now begin…

To get you started with GS2-KRB5 here is a brief walk-through on installing GNU SASL 1.5.0 on a Mac OS X machine and using it to connect to my GS2-KRB5 interop server. I’m assuming you have already installed a compiler on your system. Start by downloading and installing GNU SASL:

wget -q ftp://alpha.gnu.org/gnu/gsasl/gsasl-1.5.0.tar.gz
tar xfz gsasl-1.5.0.tar.gz
cd gsasl-1.5.0
./configure --prefix=$HOME CFLAGS=-g
make all check install

Next you need to configure Kerberos on your system. If you have already have a configuration, make sure to take a backup of your configuration files. First let’s tell your machine about my interop Kerberos V5 realm by creating a file ~/Library/Preferences/edu.mit.Kerberos with the following content:

        default_realm = interop.josefsson.org

        interop.josefsson.org = {
                kdc = interop.josefsson.org:88

        interop.josefsson.org = interop.josefsson.org

Next get a ticket for a dummy user. Use the password ‘pass’ at the prompt:

espresso:~ jas$ kinit user@interop.josefsson.org
Please enter the password for user@interop.josefsson.org:
espresso:~ jas$ klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: user@interop.josefsson.org

Valid Starting     Expires            Service Principal
03/31/10 00:59:04  03/31/10 10:59:02  krbtgt/interop.josefsson.org@interop.josefsson.org
	renew until 01/01/70 01:00:00

klist: No Kerberos 4 tickets in credentials cache
espresso:~ jas$

Next connect to my test IMAP server using the command-line ‘gsasl’ tool (long lines cut for legibility):

espresso:~ jas$ ~/bin/gsasl interop.josefsson.org -auser
Trying `interop.josefsson.org'...
* OK IMAP4rev1

. OK AUTHENTICATE GS2-KRB5 authentication successful
Client authentication finished (server trusted)...
Enter application data (EOF to finish):
. list "" "*"
* LIST (\NoInferiors) NIL INBOX
* LIST (\NoInferiors) "/" .bashrc
* LIST (\NoInferiors) "/" .bash_logout
* LIST (\NoInferiors) "/" .profile
* LIST (\NoInferiors) "/" .bash_history
. OK LIST Completed
. logout
* BYE Session terminating.
. OK LOGOUT Completed
Session finished...
espresso:~ jas$

There! You have just completed a GS2-KRB5 authenticated session.

Of course, this works just as well on your favorite GNU/Linux system, but I thought I’d explain it for a non-GNU platform and GSS-API library to show that the code is quite portable despite its experimental status.

Btw, the server is running GNU Shishi as the Kerberos V5 KDC and GNU MailUtils as the IMAP server. The IMAP server is using GNU SASL in server mode.

Syndicated 2010-03-30 23:10:22 from Simon Josefsson's blog

Fellowship interview

At FSCONS I met Stian Rødven Eide who is doing a series of fellowship interviews for FSF Europe. He recently posted an interview with me.

Syndicated 2010-01-08 14:01:18 from Simon Josefsson's blog

Nordic Free Software Award 2009

Last night at FSCONS I was awarded the Nordic Free Software Award, sharing the price with Daniel Stenberg who incidentally (or perhaps not) I have been collaborating with on some projects. Receiving a price like this is a great motivator and I feel humbled when thinking about the many excellent hackers that were attending the FSCONS that cheered me on. Thank you everyone.

Now back to coding.

Syndicated 2009-11-15 15:13:05 from Simon Josefsson's blog

Storing OpenPGP keys in the DNS

Many years ago, for my master’s thesis, I worked on evaluating using the DNS to store certificates. I eventually ended up fixing several problems in RFC 2538 in a document that became RFC 4398. Using CERT records to store certificates haven’t really taken off, but now I’m happy to see work in this area: Dan Mahoney has blogged about How to publish PGP keys in DNS. Nice work!

Syndicated 2009-10-29 08:33:55 from Simon Josefsson's blog

Thread Safe Functions

I have read Russel Coker’s nice article on identifying use of thread unsafe functions. This reminded me of a script I wrote a long time ago that is part of GNU SASL’s regression suite: threadsafety.

As you can see, my script looks for functions mentioned in the latest POSIX specification as being thread unsafe. In the last POSIX release, they actually removed some older interfaces (e.g., gethostbyname) so the script also checks for thread-unsafe functions mentioned in one older POSIX specification.

Russel’s approach is to look for man pages of functions ending with _r and labeling the non-_r-function as a thread unsafe function. Russel’s and my approach are quite different, so I wanted to compare the results. There is potential for me to add more functions to search for. I still want to preserve my approach of explicitly listing known thread unsafe functions, though.

Running Russel’s command, I get a list of functions that my script catches that Russel’s doesn’t, and vice versa. For reference, the functions that my script catches that Russel’s doesn’t are:

basename catgets dbm_clearerr dbm_close dbm_delete dbm_error dbm_fetch dbm_firstkey dbm_nextkey dbm_open dbm_store dirname dlerror endgrent endpwent endutxent ftw gcvt getc_unlocked getchar_unlocked getenv getopt getutxent getutxid getutxline inet_ntoa l64a lgamma lgammaf lgammal localeconv nftw nl_langinfo putc_unlocked putchar_unlocked putenv pututxline setenv setgrent setpwent setutxent strsignal system unsetenv wcstombs wctomb

The list contains lgamma, lgammaf, and lgammal which are all excluded by Russel’s command. I don’t understand why — according to the man page, the functions uses a global variable for sign, which doesn’t seem thread safe. So it seems right to include them?

What’s more interesting (for me) is the list of functions that Russel’s script catches that my script currently doesn’t. Here is the list:

erand48 ether_aton ether_ntoa fgetgrent fgetpwent fgetspent getaliasbyname getaliasent gethostbyname2 getmntent getnetgrent getrpcbyname getrpcbynumber getrpcent getspent getspnam getutent getutid getutline initstate jrand48 lcong48 nrand48 qecvt qfcvt random seed48 setstate sgetspent srand48 srandom tmpnam

I started looking into each function. For erand48 there is a erand48_r function in glibc, and the former does indeed seem to use a global variable. However, as far as I can tell from the POSIX specification, erand48 should be thread safe. So I filed a glibc bug about it. The same concern may hold for jrand48, lcong48, nrand48, seed48, and srand48.

I noticed that initstate, random, setstate, and srandom are defined by latest POSIX, but not mentioned as a thread-unsafe functions. Possibly a bug in the POSIX specification?

I also noticed that I had missed to include tmpnam even though it is mentioned separately in the POSIX link.

The rest of the functions are not documented by POSIX, and presumably thread unsafe (although I didn’t read the man page or source code for each of them).

In the end, I ended up adding several new functions to check for. The latest script is always available from:


So, finally, did the updated script catch any use of thread-unsafe functions in GNU SASL? Nope.

Syndicated 2009-06-23 20:17:02 from Simon Josefsson's blog

CACert and GnuTLS

I haven’t seen this before, so I thought I’d documment how to generate a server TLS certificate using CACert. This can be useful if you are running a mail or web server and easily (and cost free) want to support TLS for integrity/confidentiality. I just re-installed my secondary mail server, and tested this recipe with Exim4 with Debian. See below for a step-by-step howto.

First make sure you have the GnuTLS command line tools installed:

kniv:~# apt-get install gnutls-bin

The next step is to generate a private key:

kniv:/etc/exim4# certtool –generate-privkey –outfile exim.key
Generating a 2048 bit RSA private key…

You can use --dsa if you want to use DSA instead of RSA, and can change the key size using --bits. The default is 2048-bit RSA which should be good enough for most people.

The next step is to generate a Certificate Request. CACert only looks at the Common Name field, so I left the rest empty. If you are using some commercial CA, you may need to enter something in the other fields.

kniv:/etc/exim4# certtool –generate-request –load-privkey exim.key –outfile exim.csr
Generating a PKCS #10 certificate request…
Country name (2 chars):
Organization name:
Organizational unit name:
Locality name:
State or province name:
Common name: kniv.josefsson.org
Enter a challenge password:

Then login to CACert and click on ‘Server Certificates’ and then ‘New’. It will ask you to paste in the certificate request. Here you paste in the content of the exim.csr file. CACert will ask you to confirm the hostname. After that it will show a certificate in the resulting web page. Put the certificate in a file exim.crt like this:

kniv:/etc/exim4# cat>exim.crt

That’s it!

You need to finish the Exim4 configuration. Below ^D means to type ctrl-d.

kniv:/etc/exim4# chgrp Debian-exim exim.key
kniv:/etc/exim4# chmod g+r exim.key
kniv:/etc/exim4# cat>/etc/exim4/conf.d/main/000_local
MAIN_LOG_SELECTOR=+tls_cipher +tls_peerdn
kniv:/etc/exim4# update-exim4.conf
kniv:/etc/exim4# /etc/init.d/exim4 restart
Stopping MTA for restart: exim4_listener.
Restarting MTA: exim4.

You can test the setup by using gnutls-cli. Again, ^D means ctrl-d.

kniv:/etc/exim4# gnutls-cli -s -p 25 kniv.josefsson.org
Resolving 'kniv.josefsson.org'...
Connecting to ''...

- Simple Client Mode:

220 kniv ESMTP Exim 4.69 Thu, 16 Apr 2009 18:10:19 +0200
ehlo foo
250-kniv Hello kniv.josefsson.org []
250-SIZE 52428800
250 HELP
220 TLS go ahead
*** Starting TLS handshake
- Successfully sent 0 certificate(s) to server.
- Ephemeral Diffie-Hellman parameters
 - Using prime: 2056 bits
 - Secret key: 2040 bits
 - Peer's public key: 2048 bits
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'kniv.josefsson.org'.
 # valid since: Thu Apr 16 17:22:41 CEST 2009
 # expires at: Sat Apr 16 17:22:41 CEST 2011
 # fingerprint: 21:C5:4E:60:02:02:93:9A:3B:B6:F0:D6:8E:6B:6C:B0
 # Subject's DN: CN=kniv.josefsson.org
 # Issuer's DN: O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert Class 3 Root

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- Compression: NULL
221 kniv closing connection
- Peer has closed the GNUTLS connection

Syndicated 2009-04-16 15:51:02 from Simon Josefsson's blog

OpenWRT 8.09 plus Huawei E220

Now that OpenWRT 8.09 has been released, I finally took the time to write down my notes on how to use it together with the Huawei E220 dongle, which supports 3G/HSDPA.

Huawei E220

The writeup on how to do this is long, so I put it at a separate page:

Syndicated 2009-03-05 15:39:53 from Simon Josefsson's blog

14 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!