Bug 51837

Created attachment 31891 [details]
The actual ebuild

This ebuild worked great for me - thanks!

For krb5afs, I had to add a ".libs/" prefix to get pam_krb5afs.so installed.


--- pam_krb5-1.3_rc7.ebuild     2004-05-28 13:34:48.000000000 -0700
+++ pam_krb5-1.3_rc7.ebuild     2004-05-28 13:36:26.000000000 -0700
@@ -43,7 +43,7 @@

        if use afs; then
                if [ -f .libs/pam_krb5afs.so ]; then
-                       doexe pam_krb5afs.so
+                       doexe .libs/pam_krb5afs.so
                        doman pam_krb5afs.5 pam_krb5afs.8
                fi
        fi

This ebuild seems to be working fine for me on amd64 (mit-krb5 1.3.1-r1, pam 0.77). ~amd64 needs to be added to the keywords list, though.

I tested the ebuild on another ~x86 with pam 0.77-r1 and mit-krb5 1.3.3 and the new ebuild works great.  Thanks for writing it.  I had written my own ebuild, but this one's definitely a better one to add to the portage tree.  Now we just need to get it out there so people can stop complaining about the pam_krb5-1.0 ebuild.  

Created attachment 33031 [details]
New version of the ebuild

This is an improved version of the ebuild, which has the following issues
fixed:

* included fix for proper installation of pam_krb5afs.so (s. comment #3)

* pam_krb5 doesn't seem to work properly with mit-krb5, thus the kerberos
dependency checks for app-crypt/heimdal instead of virtual/krb5

* for afs support, kth-krb and openafs (!!! I'm not sure about the latter one,
so correct me if I'm wrong !!!) need to be installed -> added these as
dependencies for USE="afs"

Again, I would be grateful for intense testing... Please report your
experiences with non-x86 platforms here, too!

If everything works, it would be great to see that in the portage tree.

Regards,
Torsten

The new ebuild works, but I think it should depend on virtual/krb5.  I just tested it on an mit-krb5 system, and it works just fine.  I can't attest to it with AFS, since I don't use that, but the module is the one I've been using for a while with mit-krb5 and the ebuild did a fine job of installing it for me on ~x86.

Created attachment 33566 [details, diff]
Again a new version ;o)

Hello again,

attached is a new version of the ebuild. Changes to the previous version are as
follows:

1. Corrected dependencies:
   virtual/krb5 is mandatory
   if afs is in your USE flags, it gets more specific and demands
   app-crypt/heimdal along with net-fs/openafs and app-crypt/kth-krb

   Probably this is the best solution for now, until someone with a clean
mit-krb5 setup successfully gets the pam_krb5afs module compiled, so we can
rely on it for afs support. Helpful remarks are most welcome...

2. Another major change is the version:
   Now the source of the latest public CVS snapshot (2003.06.01) is pulled,
which seems to work at least as stable as the 1.3-rc7. According to the
sourceforge mailing list it has almost all reported bugs fixed as well as some
minor enhancements.

Now, after the positive replies on the previous version, does anyone in charge
feel comfortable with getting this into the portage CVS soon?

Thanks for your support, guys!
Torsten

Comment 9 Robin Johnson 2004-07-16 01:40:16 UTC

ryan: sorry, assigning this to pam-bugs so it doesn't get missed.

Comment 10 Ryan Phillips (RETIRED) 2004-07-20 10:00:07 UTC

Committed. Thank you.

This might be a silly question, but where exactly is it committed? It's still _not_ present in the portage tree (and it's the *ONLY* working pam_krb5 around).

G.A.,

try app-crypt/pam_krb5 ;o)

and be happy - it's the last ebuild I mentioned, again revised and commited for half a year now.

Be warned if you use Heimdal, I only tested this stuff with M.I.T. krb5 and it works perfectly on our server.

Btw., emerge comes with a very nice function:
emerge search

You should try
emerge search krb5 ;o)

Regards,
Torsten