[OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11

Christian Ospelkaus christian@core-coutainville.org
Thu, 14 Apr 2005 21:02:55 +0200


--Boundary-00=_f5rXC2SaMBxN7G3
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

> Hm, maybe we should look at that one for Debian, since right now we have a
> module with no active upstream.  Do you know what has been changed since
> Cusack's 1.0 release off-hand?  (I'll go take a look later, but I'm
> juggling several balls at once at the moment, and I'd love to hear a user
> perspective on why that module is better than what's in Debian already.)

I like it because it allows me to force credential refreshing with the 
screensaver and has both the afs and kerberors part in one module and because 
it worked :-). Fixing the compilation errors with heimdal turns out easier 
than expected. To build the current CVS of that module on woody, the build 
directory should contain the "tools" directory so that the automake version 
included in woody doesn't fail. For building on sarge, the acinclude.m4 file 
must be changed:

diff -Nru pam_krb5.orig/acinclude.m4 pam_krb5/acinclude.m4
--- pam_krb5.orig/acinclude.m4 2003-08-12 10:52:18.083348400 +0200
+++ pam_krb5/acinclude.m4 2005-04-14 19:50:42.384158115 +0200
@@ -411,7 +411,7 @@
     fi
 
     AC_MSG_CHECKING([which implementation of Kerberos we have])
-    AC_TRY_LINK_FUNC(__heimdal_version,KRB5IMPL="heimdal",KRB5IMPL="mit")
+    AC_CHECK_DECL(heimdal_version,KRB5IMPL="heimdal",KRB5IMPL="mit",[#include 
<krb5.h>])
     AC_MSG_RESULT([looks like $KRB5IMPL])
     
     dnl if $ac_cv_krb5_libs was not set we defaulted to Heimdal libraries,

This is because heimdal 0.6x doesn't seem to offer __heimdal_version() I'll 
submit a bug report to http://sourceforge.net/projects/pam-krb5/. Attached is 
a script to compile the current cvs with that patch and the tools directory 
created. Below some comments from the READMEs for that module. Can somebody 
else check if it compiles against MIT with these modifications?

Christian

----------------------------- From README.heimdal:
Heimdal port:
=============
It's now able to get krb5 tgt,
convert krb5 tgt to krb4 tgt (krb524),
get afs tokens with krb5_afslog,
optinal native kth-krb4 ticket grabing.

New codes which are not in the main pam_krb5:
---------------------------------------------
I wrote a new code which is usefull e.g at ssh with token
forwarding. It try to use and convert the forwarded krb5 tgt
to krb4 tgt and to afs tokens. (like pam_openafs_session)

It can convert krb5 tgt to krb4 tgt (krb524) with Heimdal
and with MIT Kerberos V.

New refresh_creds option. See more in the README.

It is now in beta status.

Please, mail me if you can or can't use this port.
Any feature request and bug report are welcome.

Balazs Gal <balsa@rit.bme.hu>
Sat,  3 Aug 2002

----------------------------- From README.Debian
pam-krb5 for Debian
----------------------

The original pam_krb5 was portred to Heimdal by Balazs Gal

 -- Balazs GAL <balsa@rit.bme.hu>, Thu,  6 Jun 2002 20:14:15 +0200

--Boundary-00=_f5rXC2SaMBxN7G3
Content-Type: application/x-shellscript;
  name="compile_pam-krb5_cvs"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="compile_pam-krb5_cvs"

#!/bin/bash
rm -rf pam_krb5 pam_krb5.orig
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pam-krb5 login
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pam-krb5 co -P pam_krb5
cd pam_krb5
mkdir tools
( cat <<EOF 
diff -Nru pam_krb5.orig/acinclude.m4 pam_krb5/acinclude.m4
--- pam_krb5.orig/acinclude.m4  2003-08-12 10:52:18.083348400 +0200
+++ pam_krb5/acinclude.m4       2005-04-14 19:50:42.384158115 +0200
@@ -411,7 +411,7 @@
     fi

     AC_MSG_CHECKING([which implementation of Kerberos we have])
-    AC_TRY_LINK_FUNC(__heimdal_version,KRB5IMPL="heimdal",KRB5IMPL="mit")
+    AC_CHECK_DECL(heimdal_version,KRB5IMPL="heimdal",KRB5IMPL="mit",[#include <krb5.h>])
     AC_MSG_RESULT([looks like \$KRB5IMPL])

     dnl if \$ac_cv_krb5_libs was not set we defaulted to Heimdal libraries,
EOF
) | patch
./bootstrap
fakeroot dpkg-buildpackage

--Boundary-00=_f5rXC2SaMBxN7G3--