The following 2 patches are need to have a functioning kdc. Without them building against krb5 1.10 produces a ipadb.so module that fails to load due to missing symbols leaving kadmin.local and krb5kdc without a database.
The reason this happens is that during development of this code MIT had some necessary API functions marked private and didn't expose headers. These functions have been made public in 1.10 and renamed. Headers with functions declaration and defines are also available now. They are needed only in master as in 2.2 this code is commented out and builds fine against 1.9 Simo. -- Simo Sorce * Red Hat, Inc * New York
>From 0f1b3ba1fbdc9c24ea661430aed527e995e5fad6 Mon Sep 17 00:00:00 2001 From: Simo Sorce <sso...@redhat.com> Date: Mon, 13 Feb 2012 16:57:57 -0500 Subject: [PATCH 1/5] Remove compat defines These definitions were needed during development to be a le to build against krb5 version < 1.10 These function headers and defintions are now available in 1.10 that is a hard dependency for freeipa 3.0, so we can safely drop them. --- daemons/ipa-kdb/ipa_kdb_mspac.c | 32 -------------------------------- 1 files changed, 0 insertions(+), 32 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 654f0cb213bd3d2e5b531d51584179e523c95970..7f2e586667f21a33eea6ba7cdc84b7a69fe2c1c0 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -25,38 +25,6 @@ #include "util/time.h" #include "gen_ndr/ndr_krb5pac.h" -#define KRB5INT_PAC_SIGN_AVAILABLE 1 -#define KRB5INT_FIND_AUTHDATA_AVAILABLE 1 - -#if KRB5INT_PAC_SIGN_AVAILABLE -krb5_error_code -krb5int_pac_sign(krb5_context context, - krb5_pac pac, - krb5_timestamp authtime, - krb5_const_principal principal, - const krb5_keyblock *server_key, - const krb5_keyblock *privsvr_key, - krb5_data *data); -#define krb5_pac_sign krb5int_pac_sign -#define KRB5_PAC_LOGON_INFO 1 -#endif - -#if KRB5INT_FIND_AUTHDATA_AVAILABLE -krb5_error_code -krb5int_find_authdata(krb5_context context, - krb5_authdata *const *ticket_authdata, - krb5_authdata *const *ap_req_authdata, - krb5_authdatatype ad_type, krb5_authdata ***results); -#define krb5_find_authdata krb5int_find_authdata -#endif - -#ifndef KRB5_PAC_SERVER_CHECKSUM -#define KRB5_PAC_SERVER_CHECKSUM 6 -#endif -#ifndef KRB5_PAC_PRIVSVR_CHECKSUM -#define KRB5_PAC_PRIVSVR_CHECKSUM 7 -#endif - static char *user_pac_attrs[] = { "objectClass", "uid", -- 1.7.7.6
>From e3539e7114c778357d14528fd760e8e9bb3d4693 Mon Sep 17 00:00:00 2001 From: Simo Sorce <sso...@redhat.com> Date: Mon, 13 Feb 2012 17:00:46 -0500 Subject: [PATCH 2/5] Require krb5 1.10 --- freeipa.spec.in | 8 ++------ 1 files changed, 2 insertions(+), 6 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index a40368dea92b526336d87174555dae6629f97716..4f0cb03ae785d8ebe6715fac969ffdeb2ffa5265 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -37,7 +37,7 @@ BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: openssl-devel BuildRequires: openldap-devel -BuildRequires: krb5-devel +BuildRequires: krb5-devel >= 1.10 BuildRequires: krb5-workstation BuildRequires: libuuid-devel %if 0%{?fedora} >= 16 @@ -93,11 +93,7 @@ Requires(pre): 389-ds-base >= 1.2.10-0.5.a5 Requires: openldap-clients Requires: nss Requires: nss-tools -%if 0%{?fedora} >= 16 -Requires: krb5-server >= 1.9.1-15 -%else -Requires: krb5-server -%endif +Requires: krb5-server >= 1.10 Requires: krb5-pkinit-openssl Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp -- 1.7.7.6
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel