[ 
https://issues.apache.org/jira/browse/DIRKRB-631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16039404#comment-16039404
 ] 

Marc de Lignie commented on DIRKRB-631:
---------------------------------------

For people wanting to use Directory Kerby 1.0.0 with MIT Kerberos and a recent 
Linux distro right now, the following workaround applies (tested on Ubuntu 
16.04LTS). The problem, at least for me, was to find out how to compile this 
source, i.e. learning about the extra needed compiler flags. You will probably 
need to install some additional Ubuntu packages, like build-essential, automake 
and autotools-dev; read the error messages.

$ wget http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.7-signed.tar
$ tar -xf krb5-1.10.7-signed.tar
$ tar -xf krb5-1.10.7.tar.gz
$ cd krb5-1.10.7/src
$ ./configure LDFLAGS='-z muldefs' CPPFLAGS='-DCONFIG_SMALL'
$ make
$ sudo make install

In a fresh terminal check:
$ krb5-config --version

If you use Python's MIT Kerberos wrapper from PyPI, reinstall it so that it 
links to the new default shared Kerberos libraries.

This workaround does not alleviate the necessity to resolve the current issue; 
kerberos-1.10 is at N-5. Even the GPG key is not valid anymore, so this 
workaround is at your own risk :) 
pub   rsa2048/749D7889 2014-06-16 [SCEA] [ingetrokken op: 2016-08-16]
uid         [ingetrok] Tom Yu <[email protected]>

Cheers,   Marc


> Not compatible with MIT Kerberos 1.11+
> --------------------------------------
>
>                 Key: DIRKRB-631
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-631
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2, 1.0.0
>         Environment: Debian, Fedora
>            Reporter: Marc de Lignie
>             Fix For: 1.0.1
>
>
> The Kerby KDC does not accept preauthentication from an MIT Kerberos client 
> starting from version 1.11. V1.11 hallmarks the implementation of the FAST 
> OTP standard in MIT Kerberos, apparently with changes not understood by Kerby.
> More details on stacktraces are available from:
> http://mail-archives.apache.org/mod_mbox/directory-kerby/201705.mbox/browser
> A failing test is available from:
> https://github.com/vtslab/directory-kerby/tree/MitIssue
> Without an update on MIT Kerberos compatibility Directory Kerby is not usable 
> for testing Kerberos functionality in Apache TinkerPop's gremlin-python 
> module (the more so because the MIT Kerberos 1.10 source distribution does 
> not compile anymore with the gcc-5.x from recent LTS Linux distributions).
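
The comment above notes that the key which signed the krb5-1.10.7 tarball has been revoked. As an added example (not part of the original message or of either project), the shell functions below turn `gpg --status-fd` output into an accept/reject verdict so a build script can stop on a revoked or expired signing key; the function names, verdict strings and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify GnuPG machine-readable status lines read on stdin.
# Prints exactly one verdict; only "accept" should let a build continue.
verdict_from_status() {
    good=0 revoked=0 expired=0 bad=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] GOODSIG "*)   good=1 ;;     # signature and key both fine
            "[GNUPG:] REVKEYSIG "*) revoked=1 ;;  # good signature, revoked key
            "[GNUPG:] EXPKEYSIG "*|"[GNUPG:] EXPSIG "*) expired=1 ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*)    bad=1 ;;
        esac
    done
    # The worst finding wins, so a stray GOODSIG cannot mask a failure.
    if   [ "$bad" -eq 1 ];     then echo reject-bad-or-unverifiable
    elif [ "$revoked" -eq 1 ]; then echo reject-revoked-key
    elif [ "$expired" -eq 1 ]; then echo reject-expired
    elif [ "$good" -eq 1 ];    then echo accept
    else                            echo reject-no-signature
    fi
}

# Hypothetical wrapper: $1 = detached signature file, $2 = tarball.
# The caller supplies both paths; none are assumed here.
check_tarball() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | verdict_from_status
}

# Constructed sample of what gpg reports for a signature made by a revoked
# key (the key id and user id below are placeholders, not real values).
printf '%s\n' \
    '[GNUPG:] NEWSIG' \
    '[GNUPG:] REVKEYSIG 0000000000000000 Constructed Signer' \
    | verdict_from_status
```
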


