The following 2 patches are need to have a functioning kdc.
Without them building against krb5 1.10 produces a ipadb.so module that
fails to load due to missing symbols leaving kadmin.local and krb5kdc
without a database.
The reason this happens is that during development of this code MIT had
some necessary API functions marked private and didn't expose headers.
These functions have been made public in 1.10 and renamed. Headers with
functions declaration and defines are also available now.
They are needed only in master as in 2.2 this code is commented out and
builds fine against 1.9
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From 0f1b3ba1fbdc9c24ea661430aed527e995e5fad6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 13 Feb 2012 16:57:57 -0500
Subject: [PATCH 1/5] Remove compat defines
These definitions were needed during development to be a le to build against
krb5 version < 1.10
These function headers and defintions are now available in 1.10 that is a hard
dependency for freeipa 3.0, so we can safely drop them.
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 32 --------------------------------
1 files changed, 0 insertions(+), 32 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 654f0cb213bd3d2e5b531d51584179e523c95970..7f2e586667f21a33eea6ba7cdc84b7a69fe2c1c0 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -25,38 +25,6 @@
#include "util/time.h"
#include "gen_ndr/ndr_krb5pac.h"
-#define KRB5INT_PAC_SIGN_AVAILABLE 1
-#define KRB5INT_FIND_AUTHDATA_AVAILABLE 1
-
-#if KRB5INT_PAC_SIGN_AVAILABLE
-krb5_error_code
-krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data);
-#define krb5_pac_sign krb5int_pac_sign
-#define KRB5_PAC_LOGON_INFO 1
-#endif
-
-#if KRB5INT_FIND_AUTHDATA_AVAILABLE
-krb5_error_code
-krb5int_find_authdata(krb5_context context,
- krb5_authdata *const *ticket_authdata,
- krb5_authdata *const *ap_req_authdata,
- krb5_authdatatype ad_type, krb5_authdata ***results);
-#define krb5_find_authdata krb5int_find_authdata
-#endif
-
-#ifndef KRB5_PAC_SERVER_CHECKSUM
-#define KRB5_PAC_SERVER_CHECKSUM 6
-#endif
-#ifndef KRB5_PAC_PRIVSVR_CHECKSUM
-#define KRB5_PAC_PRIVSVR_CHECKSUM 7
-#endif
-
static char *user_pac_attrs[] = {
"objectClass",
"uid",
--
1.7.7.6
>From e3539e7114c778357d14528fd760e8e9bb3d4693 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 13 Feb 2012 17:00:46 -0500
Subject: [PATCH 2/5] Require krb5 1.10
---
freeipa.spec.in | 8 ++------
1 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index a40368dea92b526336d87174555dae6629f97716..4f0cb03ae785d8ebe6715fac969ffdeb2ffa5265 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -37,7 +37,7 @@ BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel
-BuildRequires: krb5-devel
+BuildRequires: krb5-devel >= 1.10
BuildRequires: krb5-workstation
BuildRequires: libuuid-devel
%if 0%{?fedora} >= 16
@@ -93,11 +93,7 @@ Requires(pre): 389-ds-base >= 1.2.10-0.5.a5
Requires: openldap-clients
Requires: nss
Requires: nss-tools
-%if 0%{?fedora} >= 16
-Requires: krb5-server >= 1.9.1-15
-%else
-Requires: krb5-server
-%endif
+Requires: krb5-server >= 1.10
Requires: krb5-pkinit-openssl
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
--
1.7.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
