Stephen Gallagher wrote on 20.12.2011 22:20:
On Tue, 2011-12-20 at 19:54 +0100, lists wrote:
> Stephen Gallagher wrote on Tue 20-12-2011 at 13:42 [-0500]:
> > On Tue, 2011-12-20 at 19:37 +0100, lists wrote:
> > > Hi,
> > >
> > > Would it be possible to extend SSSD and also support Heimdal as Kerberos
> > > client implementation?
> > >
> > > This patch seems to provide just that:
> > >
> > > http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/sssd/sssd-heimda...
> > >
> > > My setup is as follows:
> > > - server with
> > > - Heimdal KDC
> > > - openldap
> > > - pam_ldap / nss_ldap
> > >
> > > - laptops/workstations with
> > > - mit kerberos clients
> > > - SSSD
> > >
> > > I would like to use SSSD on all my machines, but because SSSD does not
> > > support Heimdal I cannot replace pam_ldap/nss_ldap on the server.
> > >
> > > Maybe you could consider this patch and add it to SSSD?
> >
> >
> > Well, this patch as-is won't work (because it disables support for MIT
> > Kerberos while adding support for Heimdal). We may be able to add support
> > for choosing the kerberos implementation at build-time.
> >
> > It's going to be difficult to test for us, however. Most of our
> > development is done on Fedora, which has no standalone Heimdal package
> > (this is because MIT kerberos and Heimdal cannot currently coexist on
> > the same system because they conflict with some files (like libkrb5.so)).
> >
> > I can work up a possible patch, but I'd need you to be able to help test
> > it. Is that something you'd be willing to work on?
> That would be great. I can help to test it. I will also file an
> enhancement request.
Ok, I've got a first-pass of the Heimdal compatibility layer. I've
attached the patch (which applies cleanly on the current master). You
could also clone my public git repo at
git://fedorapeople.org/home/fedora/sgallagh/public_git/sssd.git
and then 'git checkout heimdal'.
You can then build with 'autoreconf -if && ./configure [appropriate
distro flags] && make'
(Then finally, 'make install' as root).
I used the git route. My distro is Gentoo, and I am using Heimdal 1.4.1.
This is what I used as configure command:
./configure --prefix=/usr --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --libdir=/usr/lib64
--disable-dependency-tracking --localstatedir=/var
--enable-nsslibdir=/lib64 --with-plugin-path=/usr/lib64/sssd
--enable-pammoddir=//lib64/security
--with-ldb-lib-dir=/usr/lib64/ldb/modules/ldb --without-nscd
--with-unicode-lib=libunistring --without-selinux --without-semanage
--without-python-bindings --enable-krb5-locator-plugin --enable-nls
--without-libnl
and configure asks me to report this:
....
checking for pcre_compile in -lpcre... yes
checking for krb5-config... /usr/bin/krb5-config
checking for working krb5-config... yes
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking krb5/krb5.h usability... no
checking krb5/krb5.h presence... no
checking for krb5/krb5.h... no
checking for krb5_ticket_times... no
checking for krb5_times... yes
checking for krb5_get_init_creds_opt_alloc... yes
checking for krb5_get_error_message... yes
checking for krb5_free_unparsed_name... yes
checking for krb5_get_init_creds_opt_set_expire_callback... no
checking for krb5_get_init_creds_opt_set_fast_ccache_name... no
checking for krb5_get_init_creds_opt_set_fast_flags... no
checking for krb5_get_init_creds_opt_set_canonicalize... yes
checking for krb5_unparse_name_flags... yes
checking for krb5_get_init_creds_opt_set_change_password_prompt... no
checking for krb5_free_keytab_entry_contents... no
checking for krb5_kt_free_entry... yes
checking for krb5_princ_realm... yes
checking for krb5_get_time_offsets... no
checking for krb5_principal_get_realm... yes
checking krb5/locate_plugin.h usability... no
checking krb5/locate_plugin.h presence... yes
configure: WARNING: krb5/locate_plugin.h: present but cannot be compiled
configure: WARNING: krb5/locate_plugin.h: check for missing prerequisite headers?
configure: WARNING: krb5/locate_plugin.h: see the Autoconf documentation
configure: WARNING: krb5/locate_plugin.h: section "Present But Cannot Be Compiled"
configure: WARNING: krb5/locate_plugin.h: proceeding with the compiler's result
configure: WARNING: ## ------------------------------------------------ ##
configure: WARNING: ## Report this to sssd-devel(a)lists.fedorahosted.org ##
configure: WARNING: ## ------------------------------------------------ ##
checking for krb5/locate_plugin.h... no
configure: Kerberos locator plugin cannot be build
checking ares.h usability... yes
....
Compilation fails with this error:
.....
libtool: link: ( cd ".libs" && rm -f "libsss_util.la" && ln -s "../libsss_util.la" "libsss_util.la" )
\
# source='src/util/sss_krb5.c'
object='src/util/libsss_ldap_la-sss_krb5.lo' libtool=yes
/bin/sh ./libtool --tag=CC --mode=compile x86_64-pc-linux-gnu-gcc
-DHAVE_CONFIG_H -I. -Wall -Iinclude -I.. -I./include -I./src/sss_client
-I./src -Iinclude -I. -I/usr/include/dbus-1.0
-I/usr/lib64/dbus-1.0/include -DLIBDIR=\"/usr/lib64\"
-DVARDIR=\"/var\" -DSHLIBEXT=\"\"
-DSSSD_LIBEXEC_PATH=\"/usr/libexec/sssd\" -DSSSD_INTROSPECT_PATH=\"\"
-DSSSD_CONF_DIR=\"/etc/sssd\"
-DSSS_NSS_SOCKET_NAME=\"/var/lib/sss/pipes/nss\"
-DSSS_PAM_SOCKET_NAME=\"/var/lib/sss/pipes/pam\"
-DSSS_PAM_PRIV_SOCKET_NAME=\"/var/lib/sss/pipes/private/pam\"
-DSSS_SUDO_SOCKET_NAME=\"/var/lib/sss/pipes/sudo\"
-DLOCALEDIR=\"/usr/share/locale\" -Wall -Wshadow -Wstrict-prototypes
-Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings
-Werror-implicit-function-declaration -fno-strict-aliasing
-I/usr/include -I/usr/include -g -O2 -D_FILE_OFFSET_BITS=64
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -c -o
src/util/libsss_ldap_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' ||
echo './'`src/util/sss_krb5.c
libtool: compile: x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -Wall
-Iinclude -I.. -I./include -I./src/sss_client -I./src -Iinclude -I.
-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
-DLIBDIR=\"/usr/lib64\" -DVARDIR=\"/var\" -DSHLIBEXT=\"\"
-DSSSD_LIBEXEC_PATH=\"/usr/libexec/sssd\" -DSSSD_INTROSPECT_PATH=\"\"
-DSSSD_CONF_DIR=\"/etc/sssd\"
-DSSS_NSS_SOCKET_NAME=\"/var/lib/sss/pipes/nss\"
-DSSS_PAM_SOCKET_NAME=\"/var/lib/sss/pipes/pam\"
-DSSS_PAM_PRIV_SOCKET_NAME=\"/var/lib/sss/pipes/private/pam\"
-DSSS_SUDO_SOCKET_NAME=\"/var/lib/sss/pipes/sudo\"
-DLOCALEDIR=\"/usr/share/locale\" -Wall -Wshadow -Wstrict-prototypes
-Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings
-Werror-implicit-function-declaration -fno-strict-aliasing
-I/usr/include -I/usr/include -g -O2 -D_FILE_OFFSET_BITS=64
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -c src/util/sss_krb5.c -fPIC
-DPIC -o src/util/.libs/libsss_ldap_la-sss_krb5.o
src/util/sss_krb5.c: In function 'match_principal':
src/util/sss_krb5.c:396:5: warning: 'krb5_princ_realm' is deprecated (declared at /usr/include/krb5-protos.h:3198)
src/util/sss_krb5.c:396:16: warning: assignment from incompatible pointer type
src/util/sss_krb5.c: In function 'sss_krb5_free_unparsed_name':
src/util/sss_krb5.c:587:5: warning: 'krb5_free_unparsed_name' is deprecated (declared at /usr/include/krb5-protos.h:1925)
src/util/sss_krb5.c: In function 'sss_krb5_get_init_creds_opt_set_canonicalize':
src/util/sss_krb5.c:925:5: warning: passing argument 1 of 'krb5_get_init_creds_opt_set_canonicalize' from incompatible pointer type
/usr/include/krb5-protos.h:2254:1: note: expected 'krb5_context' but argument is of type 'struct krb5_get_init_creds_opt *'
src/util/sss_krb5.c:925:5: warning: passing argument 2 of 'krb5_get_init_creds_opt_set_canonicalize' makes pointer from integer without a cast
/usr/include/krb5-protos.h:2254:1: note: expected 'struct krb5_get_init_creds_opt *' but argument is of type 'int'
src/util/sss_krb5.c:925:5: error: too few arguments to function 'krb5_get_init_creds_opt_set_canonicalize'
/usr/include/krb5-protos.h:2254:1: note: declared here
src/util/sss_krb5.c:925:5: warning: 'return' with a value, in function returning void
src/util/sss_krb5.c: In function 'sss_krb5_princ_realm':
src/util/sss_krb5.c:935:12: warning: assignment discards qualifiers from pointer target type
src/util/sss_krb5.c:936:5: warning: passing argument 1 of 'strlen' from incompatible pointer type
/usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'char **'
make[2]: *** [src/util/libsss_ldap_la-sss_krb5.lo] Error 1
make[2]: Leaving directory `/root/sssd/sssd'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/sssd/sssd'
make: *** [all] Error 2
Note, I also tried Heimdal 1.5.1 with the same failure.
Regards
J.