Some days ago I tried to merge the KerberosV Authentication module written by Frank Cusack (http://www.fcusack.com). It is in the portage tree as =app-crypt/pam_krb5-1.0 Obviously, this was Frank's first public version, doesn't seem to work with the current PAM-headers, thus the above mentioned ebuild fails. By looking through the deep, misty sourceforge archives, I found that a more mature and up2date version (based on Frank's) is maintained there, which builds perfectly alongside MIT-Krb5 1.3.3 and PAM 0.77 (http://sourceforge.net/projects/pam-krb5/). The attached ebuild works for me. (~x86, MIT-Krb5 1.3.3, PAM 0.77). Someone should check it against: - non-x86 architectures (Although I see no reason, why this shouldn't work) - Heimdal Krb5 implementation - Krb5AFS (via Heimdal) It would be great if it would be checked into the rsync-tree after thorough testing. Reproducible: Always Steps to Reproduce:
Created attachment 31891 [details] The actual ebuild
This ebuild worked great for me - thanks!
For krb5afs, I had to add a ".libs/" prefix to get pam_krb5afs.so installed. --- pam_krb5-1.3_rc7.ebuild 2004-05-28 13:34:48.000000000 -0700 +++ pam_krb5-1.3_rc7.ebuild 2004-05-28 13:36:26.000000000 -0700 @@ -43,7 +43,7 @@ if use afs; then if [ -f .libs/pam_krb5afs.so ]; then - doexe pam_krb5afs.so + doexe .libs/pam_krb5afs.so doman pam_krb5afs.5 pam_krb5afs.8 fi fi
This ebuild seems to be working fine for me on amd64 (mit-krb5 1.3.1-r1, pam 0.77). ~amd64 needs to be added to the keywords list, though.
I tested the ebuild on another ~x86 with pam 0.77-r1 and mit-krb5 1.3.3 and the new ebuild works great. Thanks for writing it. I had written my own ebuild, but this one's definitely a better one to add to the portage tree. Now we just need to get it out there so people can stop complaining about the pam_krb5-1.0 ebuild.
Created attachment 33031 [details] New version of the ebuild This is an improved version of the ebuild, which has the following issues fixed: * included fix for proper installation of pam_krb5afs.so (s. comment #3) * pam_krb5 doesn't seem to work properly with mit-krb5, thus the kerberos dependency checks for app-crypt/heimdal instead of virtual/krb5 * for afs support, kth-krb and openafs (!!! I'm not sure about the latter one, so correct me if I'm wrong !!!) need to be installed -> added these as dependencies for USE="afs" Again, I would be grateful for intense testing... Please report your experiences with non-x86 platforms here, too! If everything works, it would be great to see that in the portage tree. Regards, Torsten
The new ebuild works, but I think it should depend on virtual/krb5. I just tested it on an mit-krb5 system, and it works just fine. I can't attest to it with AFS, since I don't use that, but the module is the one I've been using for a while with mit-krb5 and the ebuild did a fine job of installing it for me on ~x86.
Created attachment 33566 [details, diff] Again a new version ;o) Hello again, attached is a new version of the ebuild. Changes to the previous version are as follows: 1. Corrected dependencies: virtual/krb5 is mandatory if afs is in your USE flags, it gets more specific and demands app-crypt/heimdal along with net-fs/openafs and app-crypt/kth-krb Probably this is the best solution for now, until someone with a clean mit-krb5 setup successfully gets the pam_krb5afs module compiled, so we can rely on it for afs support. Helpful remarks are most welcome... 2. Another major change is the version: Now the source of the latest public CVS snapshot (2003.06.01) is pulled, which seems to work at least as stable as the 1.3-rc7. According to the sourceforge mailing list it has almost all reported bugs fixed as well as some minor enhancements. Now, after the positive replies on the previous version, does anyone in charge feel comfortable with getting this into the portage CVS soon? Thanks for your support, guys! Torsten
ryan: sorry, assigning this to pam-bugs so it doesn't get missed.
Committed. Thank you.
This might be a silly question, but where exactly is it committed? It's still _not_ present in the portage tree (and it's the *ONLY* working pam_krb5 around).
G.A., try app-crypt/pam_krb5 ;o) and be happy - it's the last ebuild I mentioned, again revised and commited for half a year now. Be warned if you use Heimdal, I only tested this stuff with M.I.T. krb5 and it works perfectly on our server. Btw., emerge comes with a very nice function: emerge search You should try emerge search krb5 ;o) Regards, Torsten
