kcm and pkinit problem
Hi!
I am trying to build heimdal 1.1 without pkinit support by using --disable-pk-init,
but it seems that the patch attached to this mail is necessary to prevent the
following compilation error from occurring:
pkinit.c:2045: error: expected declaration specifiers or '...'
before 'hx509_context'
pkinit.c: In function '_krb5_pk_copy_error':
pkinit.c:2061: warning: implicit declaration of
function 'hx509_get_error_string'
pkinit.c:2061: warning: nested extern declaration of 'hx509_get_error_string'
pkinit.c:2061: error: 'hx509ctx' undeclared (first use in this function)
pkinit.c:2061: error: (Each undeclared identifier is reported only once
pkinit.c:2061: error: for each function it appears in.)
pkinit.c:2061: warning: assignment makes pointer from integer without a cast
Additionally, I would like to have some information about using kcm to store
the credentials in. If I set default_cc_name in [libdefaults] in krb5.conf to
KCM:%{uid}, kinit will fail with:
kinit: krb5_cc_move: kcm_move not implemented
It seems that kinit uses the kcm_move function which is not implemented in
lib/krb5/kcm.c. pam_krb5 from http://www.eyrie.org/~eagle/software/pam-krb5/
works fine to authenticate and get credentials from the kdc. klist
successfully lists the credentials obtained by pam_krb5 and stored in kcm.
Some questions:
Is it recommended to prefer kcm over files in /tmp to store the credentials?
I personally prefer running servers in chroot and not as root, but none of the
servers in heimdal support either although none needs root privileges. Would
you be interested to have such support? In that case I could write patches
for that.
thanks in advance :-)
björn
diff -NaurwB heimdal-1.1.orig/lib/krb5/pkinit.c heimdal-1.1/lib/krb5/pkinit.c
--- heimdal-1.1.orig/lib/krb5/pkinit.c 2008-01-24 14:12:25.000000000 +0100
+++ heimdal-1.1/lib/krb5/pkinit.c 2008-03-25 03:37:44.000000000 +0100
@@ -2040,6 +2040,7 @@
*
*/
+#ifdef PKINIT
static void
_krb5_pk_copy_error(krb5_context context,
hx509_context hx509ctx,
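Review bot: the `#ifdef PKINIT` added above `static void` removes `_krb5_pk_copy_error` from non-pkinit builds, but the hunk does not show whether the callers of that function are inside a PKINIT guard as well. Any call left outside one would replace the current error with an implicit-declaration warning and an undefined reference at link time, so each call site should be checked before this is applied. As a style point, the guard could go above the preceding comment block so that the comment and the function are compiled in or out together.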
@@ -2068,3 +2069,4 @@
free(s);
free(f);
}
+#endif
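Review bot: the `#endif` added as the last line of the file does not say which condition it closes, and the matching `#ifdef PKINIT` is roughly thirty lines earlier. Writing it as `#endif /* PKINIT */` keeps the pairing obvious if more code is later appended after `_krb5_pk_copy_error`.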