Bug 58579 - openssh ldap public key patch
Summary: openssh ldap public key patch
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All All
Importance: High enhancement
Assignee: Daniel Ahlberg (RETIRED)
URL: http://ldappubkey.gcu-squad.org/
Whiteboard:
Keywords:
Duplicates: 93949
Depends on:
Blocks:
 
Reported: 2004-07-27 12:18 UTC by Guy Martin (RETIRED)
Modified: 2008-05-31 00:36 UTC (History)



Attachments
openssh-3.8.1_p1-r1 ebuild with ldap public key support (openssh-3.8.1_p1-r1.ebuild,4.42 KB, text/plain)
2004-07-27 12:19 UTC, Guy Martin (RETIRED)
openssh-3.9 ldap public key patch (ldappubkey-ossh3.9p1-v201.patch,22.31 KB, patch)
2005-01-04 05:50 UTC, Guy Martin (RETIRED)
new lpk patch (openssh-lpk-3.9p1-0.3.3-gentoo.patch,42.02 KB, patch)
2005-05-24 02:17 UTC, Andrea Barisani (RETIRED)
openssh-3.9_p1-r3 ebuild with lpk support (openssh-3.9_p1-r3.ebuild,4.56 KB, text/plain)
2005-05-24 02:19 UTC, Andrea Barisani (RETIRED)
latest lpk patch (openssh-lpk-3.9p1-0.3.4.patch,43.52 KB, patch)
2005-05-26 01:03 UTC, Andrea Barisani (RETIRED)

Description Guy Martin (RETIRED) gentoo-dev 2004-07-27 12:18:08 UTC
Hello

I've done an ebuild to support ldap public key for authenticating on a sshd server.
It's working fine here.

I had to fix cosmetic stuff in the patch for 3.8.1. That's why the patch is in my dev space.

The only problem would be that ldap and X509 patch don't work with each other.
Maybe prefer one by default if both are selected.

Attachment follows
Comment 1 Guy Martin (RETIRED) gentoo-dev 2004-07-27 12:19:07 UTC
Created attachment 36276 [details]
openssh-3.8.1_p1-r1 ebuild with ldap public key support
Comment 2 Guy Martin (RETIRED) gentoo-dev 2005-01-04 05:50:36 UTC
Created attachment 47575 [details, diff]
openssh-3.9 ldap public key patch

This is an updated patch for openssh-3.9.
To make the ebuild work, just patch the sources and add this before ./configure:

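    # append-ldflags, append-flags and filter-flags come from flag-o-matic.eclass
    if use ldap
    then
        # link against the OpenLDAP client libraries
        append-ldflags '-lldap -llber'
        export LDFLAGS
        # define WITH_LDAP_PUBKEY for the patched sources
        append-flags -DWITH_LDAP_PUBKEY
        filter-flags -funroll-loops
    fi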
Comment 3 Andrea Barisani (RETIRED) gentoo-dev 2005-05-20 01:49:14 UTC
This project looks actively supported and well documented:

http://www.opendarwin.org/en/projects/openssh-lpk/

so that looks like a better candidate for an eventual portage inclusion.
Comment 4 solar (RETIRED) gentoo-dev 2005-05-23 08:20:25 UTC
-funroll-loops seems a strange one to force. Is there a reason for this?
Comment 5 Guy Martin (RETIRED) gentoo-dev 2005-05-23 08:29:06 UTC
filter-flags -funroll-loops comes from the original ebuild. I don't know why
it's there.
Comment 6 solar (RETIRED) gentoo-dev 2005-05-23 08:45:02 UTC
Sorry, don't listen to me. I commented on this before I finished my coffee and
for whatever reason read the filter-flags as an append-flags.
Comment 7 Andrea Barisani (RETIRED) gentoo-dev 2005-05-24 02:17:45 UTC
Created attachment 59684 [details, diff]
new lpk patch

New patch with a minor fix that changes default behaviour (lpk disabled) and
doesn't touch default sshd_config except for lpk commented declarations.
Comment 8 Andrea Barisani (RETIRED) gentoo-dev 2005-05-24 02:19:55 UTC
Created attachment 59685 [details]
openssh-3.9_p1-r3 ebuild with lpk support

New ebuild that applies the previously attached patch.
Comment 9 Andrea Barisani (RETIRED) gentoo-dev 2005-05-24 02:24:39 UTC
Right now we at -infra are using the patch on our soon_to_be ldap server and
it works fine, the only weird thing is that with patched openssh the 'Last Login'
message usually printed after connecting is not shown.

That happens leaving the configuration untouched. I looked into the code and
nothing seems to modify the loginrec.c behaviour.

Any idea what it could be?
Comment 10 Andrea Barisani (RETIRED) gentoo-dev 2005-05-25 08:15:47 UTC
*** Bug 93949 has been marked as a duplicate of this bug. ***
Comment 11 Andrea Barisani (RETIRED) gentoo-dev 2005-05-26 01:03:41 UTC
Created attachment 59857 [details, diff]
latest lpk patch

New patch for upstream with the fixes I proposed, also the 'last login' bit
seems to be fixed.
Comment 12 SpanKY gentoo-dev 2005-05-27 18:27:43 UTC
added support to 3.8.1, 3.9, and 4.0

the x509 and ldap patches conflict though, so x509 is given preference in the
case of USE="x509 ldap"
Comment 13 Martin Cyr 2008-05-31 00:35:34 UTC
Doesn't the LPK patch require a change to the LDAP schema? Then perhaps the corresponding schema should be included in the package, either installed in etc/openldap/schema/openssh-lpk.schema or in doc/openssh/openldap-lpk.schema.

I think this one would do:
http://dev.inversepath.com/openssh-lpk/openssh-lpk_openldap.schema