aklog needs to be included in tests

2016-12-29 Thread Ted Creedon
./configure --with-berkeley-db  --with-x  --enable-pthread-support --enable-kcm 

compiles & passes make check on SUSE Leap 4.2

However the -aklog switch isn't working.

Can someone verify the specific krb5.conf switches to enable afslog?

I have 7.0.1 up  in IBM's eclipse IDE which seems to work fine

tedc

From: Heimdal-discuss  on behalf of 
heimdal-discuss-requ...@h5l.org 
Sent: Thursday, December 29, 2016 1:10 AM
To: heimdal-discuss@h5l.org
Subject: Heimdal-discuss Digest, Vol 8, Issue 10


Today's Topics:

   1. Re: Heimdal 7.1 and the sqlite backend (Harald Barth)
   2. Re: Heimdal 7.1 no success with database backend (sqlite and
  others) (Harald Barth)
   3. KDC tests fail when unrelated ticket with time skew is at the
  default location (Harald Barth)
   4. Re: KDC tests fail when unrelated ticket with time skew is at
  the default location (Ken Dreyer)
   5. Re: KDC tests fail when unrelated ticket with time skew is at
  the default location (Harald Barth)


--

Message: 1
Date: Wed, 28 Dec 2016 14:17:01 +0100 (CET)
From: Harald Barth 
To: n...@cryptonector.com
Cc: heimdal-disc...@sics.se
Subject: Re: Heimdal 7.1 and the sqlite backend
Message-ID:
<20161228.141701.198933457262321705.h...@habook.pdc.kth.se>
Content-Type: Text/Plain; charset=us-ascii


> So, in /etc/krb5.conf you should have this:
>
> [hdb]
> db-dir = /var/heimdal
>
> (or wherever you put your HDB)

Sure, and then it gets more and more confusing. I now start the
kdc and the kadmin with -c /etc/krb5.conf and have a symlink
in /var/heimdal/kdc.conf pointing to /etc/krb5.conf.

# /usr/heimdal-7.1.0/libexec/kdc  -c /etc/krb5.conf&
[1] 80459
# /usr/heimdal-7.1.0/bin/kadmin -l -c /etc/krb5.conf
kadmin> get *
kadmin: opening database: dbm_open(/var/heimdal/heimdal): No such file or directory
kadmin: kadm5_get_principals: dbm_open(/var/heimdal/heimdal): No such file or directory
kadmin> init TEST.PDC.KTH.SE
kadmin: hdb_open: hdb_open: failed initialize database /var/heimdal/heimdal
kadmin>

So kadmin is sure doing the wrong thing here

# cat /etc/krb5.conf
[hdb]
  db-dir = /var/heimdal
  dbname = sqlite:/var/heimdal/mydb.sqlite
[kdc]
  database = {
    dbname = sqlite:/var/heimdal/mydb.sqlite
    realm = TEST.PDC.KTH.SE
  }
  require_preauth = true
  enable-http = true
  tgt-use-strongest-session-key = true
  svc-use-strongest-session-key = true
  preauth-use-strongest-session-key = true
  use-strongest-server-key = true
  kdc_warn_pwexpire = 1w
[logging]
  kdc = 0-/FILE:/var/heimdal/kdc.log
  kdc = 0-/SYSLOG:INFO:USER
  default = 0-/FILE:/var/log/heimdal.log

Then I get the following logging from the kdc startup:

2016-12-28T13:57:20 label: default
2016-12-28T13:57:20 dbname: sqlite:/var/heimdal/mydb.sqlite
2016-12-28T13:57:20 mkey_file: sqlite:/var/heimdal/mydb.mkey
2016-12-28T13:57:20 acl_file: /var/heimdal/kadmind.acl

So the problem seems to be that I can not convince kadmin to open the
same database because I don't know what to write in the krb5.conf
to make that happen. I can verify with ktrace that /etc/krb5.conf
(see above) actually is read but then what logic is applied when
parsing - I have not found out how to follow that.

Harald.


--

Message: 2
Date: Wed, 28 Dec 2016 17:13:48 +0100 (CET)
From: Harald Barth 
To: heimdal-disc...@sics.se
Subject: Re: Heimdal 7.1 no success with database backend (sqlite and
others)
Message-ID:
<20161228.171348.1317098851444232743.h...@habook.pdc.kth.se>
Content-Type: Text/Plain; charset=us-ascii


Well, even when I unconfigure sqlite support, it does not pass make check.

Error message: "kadmin: No database support for /var/heimdal/heimdal"

So I suspect that with

#  ./configure --with-libintl --with-libintl-include=/usr/local/include 
--with-libintl-lib=/usr/local/lib --prefix=/usr/heimdal-7.1.0-lmdb 
--disable-kcm --with-openssl --with-openssl-include=/usr/include 
--with-openssl-lib=/usr/lib --disable-otp --enable-pthread-support 
--with-readline=/usr/local --with-hdbdir=/var/heimdal --without-berkeley-db 
--enable-digest --with-ipv6 --enable-kx509 --without-openldap --enable-pk-init 
--without-sqlite3 --with-x --x-libraries=/usr/local/lib 
--x-includes=/usr/local/include --localstatedir=/var --disable-silent-rules 
--disable-ndbm-db --enable-mdb-db "CFLAGS=-I/usr/local/include" 
LDFLAGS="-L/usr/local/lib -Wl,

Re: aklog needs to be included in tests

2016-12-29 Thread Jeffrey Altman
On 12/29/2016 1:56 PM, Ted Creedon wrote:
> ./configure --with-berkeley-db  --with-x  --enable-pthread-support 
> --enable-kcm 
> 
> compiles & passes make check on SUSE Leap 4.2
> 
> However the -aklog switch isn't working.

There is no -aklog switch.   I suspect you mean -afslog.
> 
> Can someone verify the specific krb5.conf switches to enable afslog?

I sent a summary of the options in response to your query on the OpenAFS
mailing list.


As for adding "kinit -afslog" support to the test suite, that is hard
because AFS should not be a requirement for building and testing Heimdal.

The Heimdal AFS functionality is fragile.  Perhaps it should be replaced
with executing aklog as a child process.  That approach has the
following benefits:

1. Heimdal developers do not need to maintain AFS-specific code that
   they cannot easily test.

2. The tokens that are obtained will match those that the installed
   AFS client can support.

3. It will work on operating systems such as Windows which do not use
   the pioctl interface that Heimdal carries support for.

Jeffrey Altman
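
Added example, not part of the message above and not Heimdal or OpenAFS code: one way a ticket-acquiring tool could run aklog as a child process, as the message proposes. run_token_helper() and HELPER_UNAVAILABLE are hypothetical names; "-c <cell>" is aklog's cell option, and a missing helper is reported separately so that AFS stays optional.

```c
/* Added example: run an external token helper (e.g. aklog) as a child. */
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define HELPER_UNAVAILABLE (-1)   /* hypothetical sentinel */

/* Returns the helper's exit status (0 = success), or HELPER_UNAVAILABLE
 * if it could not be started or did not exit normally, so a host without
 * an AFS client is "nothing to do" rather than a failed login. */
int run_token_helper(const char *prog, const char *ccname, const char *cell)
{
    /* Explicit argv, no shell: the cell name is never parsed as syntax. */
    char *argv[4];
    int n = 0, status;
    pid_t pid;

    argv[n++] = (char *)prog;
    if (cell != NULL) {
        argv[n++] = "-c";
        argv[n++] = (char *)cell;
    }
    argv[n] = NULL;

    pid = fork();
    if (pid < 0)
        return HELPER_UNAVAILABLE;
    if (pid == 0) {
        /* Child: point the helper at the cache holding the new TGT. */
        if (ccname != NULL && setenv("KRB5CCNAME", ccname, 1) != 0)
            _exit(127);
        execvp(prog, argv);
        _exit(127);               /* exec failed, e.g. not installed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return HELPER_UNAVAILABLE;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return HELPER_UNAVAILABLE;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = run_token_helper("aklog", getenv("KRB5CCNAME"), NULL);
    return rc == HELPER_UNAVAILABLE ? 0 : rc;
}
```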



