There is a kerberos plugin for net-ftp/proftpd. It would be nice to have a chance to use proftpd instead of the ftpd provided with Heimdal, for example. Currently, the description of mod_gss says: A new version of the GSS/Kerberos module for proftpd has been released. It support proftpd 1.3.0 with MIT, Heimdal, Sun's SEAM or IBM's NAS Kerberos implementation. It is available from http://gssmod.sourceforge.net and http://sourceforge.net/projects/gssmod/
I will see today, what i can do ;)
Yes please!
Still no news about it ?
Last update in CVS was for 1.3.1 16 months ago, is it working with 1.3.2? Sorry I don't use kerberos at all, but I'll gladly commit any working patch for it if someone gets it to work with 1.3.2 :)
The website says above 1.3.1. I tried to assemble an improved ebuild but fail with this: make[2]: Entering directory `/var/tmp/portage/net-ftp/proftpd-1.3.2-r2/work/proftpd-1.3.2/lib/libltdl' cd . && /bin/sh /var/tmp/portage/net-ftp/proftpd-1.3.2-r2/work/proftpd-1.3.2/lib/libltdl/missing --run autoheader configure.ac:70: warning: AC_CACHE_VAL(lt_prog_compiler_static_works, ...): suspicious cache-id, must contain _cv_ to be cached ../../lib/autoconf/general.m4:1974: AC_CACHE_VAL is expanded from... ../../lib/autoconf/general.m4:1994: AC_CACHE_CHECK is expanded from... acinclude.m4:611: AC_LIBTOOL_LINKER_OPTION is expanded from... acinclude.m4:2492: _LT_AC_LANG_C_CONFIG is expanded from... acinclude.m4:2491: AC_LIBTOOL_LANG_C_CONFIG is expanded from... acinclude.m4:95: AC_LIBTOOL_SETUP is expanded from... acinclude.m4:75: _AC_PROG_LIBTOOL is expanded from... acinclude.m4:40: AC_PROG_LIBTOOL is expanded from... configure.ac:70: the top level configure.ac:70: warning: AC_CACHE_VAL(lt_prog_compiler_pic_works, ...): suspicious cache-id, must contain _cv_ to be cached acinclude.m4:568: AC_LIBTOOL_COMPILER_OPTION is expanded from... acinclude.m4:4546: AC_LIBTOOL_PROG_COMPILER_PIC is expanded from... configure.ac:70: warning: AC_CACHE_VAL(lt_prog_compiler_pic_works_CXX, ...): suspicious cache-id, must contain _cv_ to be cached acinclude.m4:2600: _LT_AC_LANG_CXX_CONFIG is expanded from... acinclude.m4:2599: AC_LIBTOOL_LANG_CXX_CONFIG is expanded from... acinclude.m4:1646: _LT_AC_TAGCONFIG is expanded from... configure.ac:70: warning: AC_CACHE_VAL(lt_prog_compiler_pic_works_F77, ...): suspicious cache-id, must contain _cv_ to be cached acinclude.m4:3667: _LT_AC_LANG_F77_CONFIG is expanded from... acinclude.m4:3666: AC_LIBTOOL_LANG_F77_CONFIG is expanded from... configure.ac:70: warning: AC_CACHE_VAL(lt_prog_compiler_pic_works_GCJ, ...): suspicious cache-id, must contain _cv_ to be cached acinclude.m4:3767: _LT_AC_LANG_GCJ_CONFIG is expanded from... acinclude.m4:3766: AC_LIBTOOL_LANG_GCJ_CONFIG is expanded from... rm -f stamp-h1 touch config-h.in cd . && /bin/sh ./config.status config.h config.status: creating config.h config.status: config.h is unchanged make all-am make[3]: Entering directory `/var/tmp/portage/net-ftp/proftpd-1.3.2-r2/work/proftpd-1.3.2/lib/libltdl' /bin/sh ./libtool --tag=CC --mode=compile i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -O2 -march=pentium4 -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb -c -o ltdl.lo ltdl.c ./libtool: line 454: CDPATH: command not found ./libtool: line 1146: func_opt_split: command not found libtool: Version mismatch error. This is libtool 2.2.6, but the libtool: definition of this LT_INIT comes from an older release. libtool: You should recreate aclocal.m4 with macros from libtool 2.2.6 libtool: and run autoconf again. make[3]: *** [ltdl.lo] Error 63 make[3]: Leaving directory `/var/tmp/portage/net-ftp/proftpd-1.3.2-r2/work/proftpd-1.3.2/lib/libltdl'
Created attachment 182897 [details] proftpd-1.3.2-r2.ebuild Introduces heimdal and mit-krb5 USE flags as user might have installed both but the module will be generated&compiled only against one. Thus. virtual/krb5 and USE=kerberos are out.
Thanks a lot for your ebuild and time on this bug! It fails because proftpd includes an old bundled libltdl (from libtool), that system libtool does not like (if you have 2.2.* installed for example). We did not see that before, because the dynamic loader was not enabled (but needed for mod_gss). We'll have to unbundle it (and use system libltdl) In the meantime, I'll attach my current WIP ebuild, a bit simpler as heimdal and mit-krb5 can not be installed at the same time, so we just have to check which is installed
Created attachment 183076 [details] proftpd-1.3.2-r2.ebuild
OK, it should work. Can you try proftpd-1.3.2-r2 in portage? (wait a few hours for sync if it does not have kerberos USE flag)
(In reply to comment #9) > OK, it should work. Can you try proftpd-1.3.2-r2 in portage? (wait a few hours > for sync if it does not have kerberos USE flag) > Compiles fine now. Hmm, please make also the two README* files installed under dodoc(). Probably this will have to be rewritten: /usr/local/etc/proftpd.keytab (from http://gssmod.cvs.sourceforge.net/viewvc/gssmod/mod_gss/mod_gss/README.mod_gss?revision=1.11&view=markup) Probably ask kerberos crew on proposing the best filename&location.
Thanks for confirmation! I've also added the README files install with USE=kerberos
Did you change the /usr/local/etc/proftpd.keytab path something else? Probably /etc/proftpd.keytab would be best. I just wonder whether that is a remnant of krb4 support ...
Sorry, forgot about that part. @kerberos, any thoughts on comment #10? Leave the suggested name, point to some specific file in /etc
This issue is REOPENED for a long while due to the proposed location of proftpd.keytab file it used to compile fine. Would kerberos@ please come up with their insight? Thanks.
Putting the keytab under /etc is fine. Bug #324903 has proftpd working with kerberos btw. Is this bug still relevant?
(In reply to comment #12) > Did you change the /usr/local/etc/proftpd.keytab path something else? Probably > /etc/proftpd.keytab would be best. I just wonder whether that is a remnant of > krb4 support ... > In proftpd-1.3.3/config.log I see only test for krb.h, i.e. for the kerberos IV header file. However, I do see gcc complaining about gss* symbols and and krb5 libs in LIBS variable. In "equery files proftpd" I do not see any *.keytab file which is NOWADAYS correct for two reasons: 1. the file is useful only for sites with krb4 in use, not to those with krb5 2. krb4 support was dropped from Gentoo already some years ago I think The original ebuild is in the tree and already in some evolved form. Closing as FIXED while the krb4 issue is now obsolete. Thanks to everybody.