Mail Archives: cygwin/2009/08/13/11:22:20

Date: Thu, 13 Aug 2009 10:21:59 -0500
To: cygwin AT cygwin DOT com
Subject: Re: Successful build of ssh from openssh w. MIT kerberos
From: Alec Kloss <alec-keyword-cygwin DOT 2518a7 AT SetFilePointer DOT com>

On 2009-08-12 20:29, Yaakov (Cygwin/X) wrote:
> On 12/08/2009 14:55, Alec Kloss wrote:
> >I'm not having much luck with heimdal-1.2.1 from cygwin-ports trunk
> >on Cygwin 1.7 beta.  This is all downloaded today.  cygwin-ports
> >revision 7337.
>
> 1) If patch(1) is segfaulting, something else is wrong with your
> installation.

Hrm... there appear to be some problems with the filesystem in
cygwin 1.7.  I was working on an OpenAFS volume where patch was
segfaulting.  Working on an NTFS volume doesn't segfault.

Unfortunately, I'm still having trouble with
heimdal-1.2.1-1.cygport.  Running "cygport heimdal-1.2.1-1.cygport"
results in:

>>> Preparing heimdal-1.2.1-1
*** Info: SOURCE 1 signature follows:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Mon Jul 28 07:33:35 2008 CDT using DSA key ID 45D901D8
gpg: Can't check signature: public key not found
>>> Unpacking source heimdal-1.2.1.tar.gz
*** Info: applying patch 001_all_heimdal-no_libedit.patch:
patching file cf/krb-readline.m4
*** Info: applying patch 003_all_heimdal-rxapps.patch:
patching file appl/kx/rxtelnet.in
Hunk #1 succeeded at 2 with fuzz 1.
patching file appl/kx/rxterm.in
Hunk #1 succeeded at 2 with fuzz 1.
*** Info: applying patch 014_all_heimdal-path.patch:
*** Info: applying patch 022_all_heimdal-as-needed.patch:
patching file lib/roken/Makefile.am
Hunk #1 succeeded at 110 (offset 3 lines).
patching file lib/editline/Makefile.am
*** Info: applying patch heimdal-r23238-kb5_locl_h-wind_h.patch:
patching file lib/krb5/Makefile.am
*** Info: applying patch heimdal-r23235-kb5-libwind_la.patch:
*** Info: applying patch heimdal-kdc-sans_pkinit.patch:
patching file kdc/Makefile.am
*** Info: applying patch heimdal-system_sqlite.patch:
*** Info: applying patch heimdal-symlinked-manpages.patch:
*** Info: applying patch heimdal-autoconf-ipv6-backport.patch:
patching file cf/krb-ipv6.m4
patching file lib/roken/mini_inetd.c
*** ERROR: patch 1.2.1-no-editline.patch will not apply

> 2) Why is your cygport(1) under /usr/local?  The cygport packages that
> are part of the distro (curr. 0.9.9) install under /usr.

I compiled my own from the Subversion trunk sources.  I also just
installed the cygport binary and it behaves exactly the same way.

> >I've had success compiling Heimdal 1.2 directly and linking openssh
> >to it to get GSSAPI authentication working but it seems like
> >getting cygwin-ports to do the work would be a better solution.
>
> The major difference if you built heimdal OOTB is that you have only
> static libraries; the Ports .cygport makes shared libs as well.

That's true.

> I just uploaded the binary packages here:
>
> ftp://ftp.cygwinports.org/pub/cygwinports/release-2/heimdal/
>
> You'll have to download them manually for now.

Hrm, these must be cygwin packages;  just untarring them doesn't
appear to be sufficient.  Pointing Cygwin's setup-1.7.exe at
ftp://ftp.cygwinports.org/pub/cygwinports/ seems to download the
setup-2.bz2 file, but the setup-2.bz2.sig doesn't survive the
signature testing.  I'm (obviously) no cygwin packaging expert
so if someone can give me a hint about this, that'd be great.

> One reason I haven't ITP'd this build is because I have no means of
> testing it in real world scenarios.  'make check' did pass, so that's
> promising, but I need someone else who is familiar with KRB5 to tell me
> it really works (or tell me how else I could test it).

I can probably find some time to test a small installation.  I'd
think most users would just want the client tools and the GSSAPI
integration in sshd to work.  I'd be a little surprised if someone
wanted to run a KDC under cygwin, but one never knows.

The earlier poster had openssh linked against MIT Kerberos for
Windows.  This has a significant advantage over linking for heimdal
in that KfW can use the MSLSA ticket cache.  This means a user
could sit at a workstation, log in using their Windows domain
username and password, click the cygwin icon, type "ssh
myfavoriteserver" and be logged in without any additional password
prompting.  I don't think heimdal can access the MSLSA cache, so...
someone needs to think about if/when a kerberized openssh is
included in cygwin if it should link against cygwin-compiled
heimdal or against MIT KfW.


--
Alec Kloss  alec AT SetFilePointer DOT com   IM: daemonalec AT gmail DOT com
PGP key at http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA241980E
"No Bunny!" -- Simon, http://wiki.adultswim.com/xwiki/bin/Frisky+Dingo/Simon


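Added example, not part of the original message and not cygport's own code: in the build log above, gpg reports "public key not found" and the source is unpacked anyway. The sketch below shows one way a build script could gate unpacking on gpg's machine-readable status output and on a pinned signer fingerprint. The function names, the fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data is constructed, not taken from the thread.
# Real input would come from:  gpg --status-fd 1 --verify SRC.sig SRC 2>/dev/null

# Constructed placeholder fingerprint of the one key trusted to sign the source.
PINNED_FPR=0000111122223333444455556666777788889999

# Constructed status output: key missing (the case in the log), pinned key, other key.
SAMPLE_NOKEY='[GNUPG:] ERRSIG 0123456789ABCDEF 17 2 00 1217248415 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF'
SAMPLE_GOOD="[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Signer
[GNUPG:] VALIDSIG $PINNED_FPR 2008-07-28 1217248415 0 3 0 17 2 00 $PINNED_FPR"
SAMPLE_OTHER='[GNUPG:] GOODSIG FEDCBA9876543210 Another Constructed Signer
[GNUPG:] VALIDSIG 9999888877776666555544443333222211110000 2008-07-28 1217248415 0 3 0 17 2 00 9999888877776666555544443333222211110000'

# sig_verdict PINNED_FPR: read gpg status lines on stdin, print one verdict.
sig_verdict() {
    awk -v want="$1" '
        $1 != "[GNUPG:]"  { next }        # ignore human-readable lines
        $2 == "BADSIG"    { bad = 1 }     # data does not match the signature
        $2 == "NO_PUBKEY" { nokey = 1 }   # signature could not be checked
        $2 == "ERRSIG"    { err = 1 }     # verification failed for some reason
        # Appending "" forces a string comparison; an all-digit fingerprint
        # would otherwise be compared as a rounded floating-point number.
        $2 == "VALIDSIG"  { if (($3 "") == (want "")) ok = 1; else other = 1 }
        END {
            if (bad)        print "bad"
            else if (nokey) print "nokey"
            else if (err)   print "unchecked"
            else if (other) print "wrongkey"
            else if (ok)    print "verified"
            else            print "unchecked"
        }'
}

# safe_to_unpack PINNED_FPR: succeed only when the pinned key made a valid signature.
safe_to_unpack() {
    [ "$(sig_verdict "$1")" = "verified" ]
}

for sample in "$SAMPLE_NOKEY" "$SAMPLE_GOOD" "$SAMPLE_OTHER"; do
    printf '%s\n' "$sample" | sig_verdict "$PINNED_FPR"
done
```

A valid signature from a key other than the pinned one is reported as "wrongkey" rather than accepted, so the gate does not depend on what else happens to be in the builder's keyring.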