| Summary: | net-ftp/proftpd - Using kerberos results in blockers between various ebuilds depending on app-crypt/heimdal or app-crypt/mit-krb5 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alex Buell <alex.buell> |
| Component: | New packages | Assignee: | Gentoo's FTP Packages Maintainers <net-ftp> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | 10.1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Alex Buell
2010-06-21 07:35:12 UTC
(In reply to comment #0)
> Changing from proftpd to netkit-ftpd solved the problem for me but this
> shouldn't happen.

proftpd is the culprit. des and krb4 are not considered secure anymore and are off by default in later versions of mit-krb5. proftpd configure script should not assume that it can link against des425 anymore. Following patch should work:

Jun 21 14:10:38 mod_auth_gss/1.3.3[8173]: GSSAPI-UPENN User client_name.value: testuser@CAF.COM.TR cmd->argv[0]: testuser.
Jun 21 14:10:38 mod_auth_gss/1.3.3[8173]: GSSAPI-UPENN User testuser@CAF.COM.TR is authorized as testuser.
Jun 21 14:10:38 south proftpd[8173]: south.caf.com.tr (south.caf.com.tr[127.0.0.1]) - USER testuser: Authenticated without password
Jun 21 14:10:38 south proftpd[8173]: south.caf.com.tr (south.caf.com.tr[127.0.0.1]) - Preparing to chroot to directory '/tmp'
Jun 21 14:10:38 south proftpd[8173]: south.caf.com.tr (south.caf.com.tr[127.0.0.1]) - USER testuser: Login successful.

@net-ftp herd: You will need to decide on the suitability of the patch for general consumption as I do not use ftp and can't do much of a test.

--- proftpd-1.3.3.ebuild 2010-06-17 21:08:16.000000000 +0000 +++ proftpd-1.3.3-r1.ebuild 2010-06-21 14:17:25.000000000 +0000 @@ -31,7 +31,7 @@ DEPEND="acl? ( sys-apps/acl sys-apps/attr ) caps? ( sys-libs/libcap ) clamav? ( app-antivirus/clamav ) - kerberos? ( || ( <app-crypt/mit-krb5-1.7 app-crypt/heimdal ) ) + kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) mysql? ( virtual/mysql ) ncurses? ( sys-libs/ncurses ) @@ -85,6 +85,15 @@ # Manipulate build system sed -i -e "s/utils install-conf install/utils install/g" Makefile.in sed -i -e "s/ @INSTALL_STRIP@//g" Make.rules.in + + if use kerberos ; then + if has_version app-crypt/mit-krb5 ; then + cd "${WORKDIR}"/mod_gss-${GSS_VER} || die "cd failed" + sed -i -e '/ac_gss_libs/s/\-ldes425\ //' configure{,.in} || \ + die "sed failed" + fi + fi + } src_configure() { 
@@ -102,7 +111,7 @@ use exec && mym="${mym}:mod_exec" if use kerberos ; then cd "${WORKDIR}"/mod_gss-${GSS_VER} - if has_version <app-crypt/mit-krb5-1.7 ; then + if has_version app-crypt/mit-krb5 ; then econf --enable-mit else econf --enable-heimdal

Patch looks good, should go into proftpd ebuild for unstable testing.

Thanks both of you for the report and the patch! I've just added 1.3.3-r1 in CVS, with an adapted patch from this one. This will be the next version to be marked stable (if all goes fine).
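
Review bot: in the "if use kerberos" block added at the end of the prepare step (hunk @@ -85,6 +85,15 @@), the "|| die "sed failed"" guard cannot catch a substitution that never happened, because sed -i exits 0 when /ac_gss_libs/ matches no line or the line no longer contains -ldes425. If a later mod_gss release changes that line, the edit is skipped without any error from this step. Suggest following the sed with a grep for -ldes425 in configure and calling die if it is still present. The condition is also "has_version app-crypt/mit-krb5" with no version bound, so the flag is stripped for mit-krb5 older than 1.7 as well, which the removed DEPEND line still allowed; a one-line comment stating that des425 is not needed for any supported version would document that intent.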
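
Review bot: in src_configure (hunk @@ -102,7 +111,7 @@), the else branch runs "econf --enable-heimdal" for anything that is not app-crypt/mit-krb5, while the first hunk widens DEPEND to virtual/krb5. That is correct only while the virtual resolves to exactly these two implementations. Suggest an explicit "has_version app-crypt/heimdal" test with a die fallback so the assumption is visible and fails loudly. The unchanged line cd "${WORKDIR}"/mod_gss-${GSS_VER} in this hunk also lacks the "|| die" that the new prepare code uses for the same cd, and the has_version test is now duplicated in two functions, so the two copies need to be kept in step.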