Bug#493044: rsyslog: enable gssapi-krb5 authentication
On Thu, 31 Jul 2008, Michael Biebl wrote: GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. A separate package would probably be necessary, to not drag in any dependency on libkrb53. libkrb53 is probably already installed. Openssh depends on it. -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493044: rsyslog: enable gssapi-krb5 authentication
Quoting Peter Palfrader [EMAIL PROTECTED]: On Thu, 31 Jul 2008, Michael Biebl wrote: GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. A separate package would probably be necessary, to not drag in any dependency on libkrb53. libkrb53 is probably already installed. Openssh depends on it. It's in /usr/lib though, something I want to avoid, as I'd like to move rsyslogd to /sbin. Currently the only thing blocking this, is the dependency on libz, which is used for netstream compression. Given the size of zlib1g, I was already considering to ask for moving libz to /lib, so I can move on with this, or optionally make the netstream compressing code a plugin, which could be moved into a separate package. I dunno, if it would be feasible to move the krb libs to /lib, that's why I intend to move this plugin into a separate package. But I'm open to any good suggestions. Cheers, Michael This mail was sent through TecO-Webmail: http://www.teco.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493044: rsyslog: enable gssapi-krb5 authentication
* Michael Biebl [EMAIL PROTECTED] [20080807 13:38]: Ben Poliakoff wrote: * Michael Biebl [EMAIL PROTECTED] [20080731 00:02]: GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. A separate package would probably be necessary, to not drag in any dependency on libkrb53. Attached is a first stab at a patch. The patch does the following: - defines the rsyslog-gssapi package in debian/control - modifies the debian/rsyslog.install file, removing wildcards to avoid inadvertently pulling in the *gss* plugins - adds a debian/rsyslog-gssapi.install file, specifying the gssapi related plugins for the rsyslog-gssapi package I've never submitted a *packaging* related patch before, so I may have missed something important or obvious. Hopefully this will help though. Let me know if there's anything I can do to help! Hi Ben, thanks a lot for the patch. Much appreciated. I don't plan any major changes for the rsyslog package before the lenny release. So this feature will probably have to wait until lenny is out. Oh well, I was hoping this feature could make the cut for lenny. But I can understand how enabling new features this close to the release might make you anxious. Fortunately it's not too difficult to maintain a custom rsyslog package, based on the debian one. I'm planning on rolling out rsyslog with gssapi auth for my site shortly. Best wishes, Ben -- PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019 pgpwaFC1igPNR.pgp Description: PGP signature
Bug#493044: rsyslog: enable gssapi-krb5 authentication
Ben Poliakoff wrote: * Michael Biebl [EMAIL PROTECTED] [20080731 00:02]: GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. A separate package would probably be necessary, to not drag in any dependency on libkrb53. Attached is a first stab at a patch. The patch does the following: - defines the rsyslog-gssapi package in debian/control - modifies the debian/rsyslog.install file, removing wildcards to avoid inadvertently pulling in the *gss* plugins - adds a debian/rsyslog-gssapi.install file, specifying the gssapi related plugins for the rsyslog-gssapi package I've never submitted a *packaging* related patch before, so I may have missed something important or obvious. Hopefully this will help though. Let me know if there's anything I can do to help! Hi Ben, thanks a lot for the patch. Much appreciated. I don't plan any major changes for the rsyslog package before the lenny release. So this feature will probably have to wait until lenny is out. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#493044: rsyslog: enable gssapi-krb5 authentication
Ben Poliakoff wrote: Package: rsyslog Version: 3.18.1-3gss Severity: wishlist I haven't filed many Debian bug reports, hope this ends up in the right place. Please consider enabling GSSAPI input and output in the rsyslog package. The upstream package supports it. Enabling GSSAPI is pretty simple (adding --enable-gssapi-krb5 to the ./configure line). I built a version of the debian package that enables GSSAPI input and output by doing the following: - added --enable-gssapi-krb5 to the ./configure line - adding debian/tmp/usr/lib/rsyslog/omgssapi.so to rsyslog.install GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. A separate package would probably be necessary, to not drag in any dependency on libkrb53. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#493044: rsyslog: enable gssapi-krb5 authentication
* Michael Biebl [EMAIL PROTECTED] [20080731 00:02]: GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. A separate package would probably be necessary, to not drag in any dependency on libkrb53. Would it be at all useful for me to submit a patch that adds such a package? Ben -- PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019 pgpbBuS2SChpe.pgp Description: PGP signature
Bug#493044: rsyslog: enable gssapi-krb5 authentication
* Michael Biebl [EMAIL PROTECTED] [20080731 00:02]:
GSSAPI is entirely optional (but it's very nice for people who already
have a kerberos infrastucture), so it seems reasonable to add the option
for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub
package.
A separate package would probably be necessary, to not drag in any
dependency on libkrb53.
Attached is a first stab at a patch. The patch does the following:
- defines the rsyslog-gssapi package in debian/control
- modifies the debian/rsyslog.install file, removing wildcards to
avoid inadvertently pulling in the *gss* plugins
- adds a debian/rsyslog-gssapi.install file, specifying the gssapi
related plugins for the rsyslog-gssapi package
I've never submitted a *packaging* related patch before, so I may have
missed something important or obvious. Hopefully this will help though.
Let me know if there's anything I can do to help!
Ben
--
PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
--- orig/rsyslog-3.18.1/debian/control 2008-07-31 11:57:28.0 -0700
+++ rsyslog-3.18.1/debian/control 2008-07-31 11:44:44.0 -0700
@@ -2,7 +2,7 @@
Section: admin
Priority: important
Maintainer: Michael Biebl [EMAIL PROTECTED]
-Build-Depends: debhelper (= 5), quilt, autotools-dev, zlib1g-dev,
libmysqlclient15-dev, libpq-dev
+Build-Depends: debhelper (= 5), quilt, autotools-dev, zlib1g-dev,
libmysqlclient15-dev, libpq-dev, libkrb5-dev
Standards-Version: 3.8.0
Vcs-Git: git://git.debian.org/git/users/biebl/rsyslog.git
Vcs-Browser: http://git.debian.org/?p=users/biebl/rsyslog.git;a=summary
@@ -63,3 +63,12 @@
Description: PostgreSQL output plugin for rsyslog
This plugin allows rsyslog to write the syslog messages into a PostgreSQL
database.
+
+Package: rsyslog-gssapi
+Architecture: any
+Priority: extra
+Depends: ${shlibs:Depends}, ${misc:Depends}, rsyslog (= ${binary:Version}), ucf
+Recommends: krb5-user
+Description: GSSAPI input and output plugins for rsyslog
+ These plugins allow rsyslog to write and/or receive GSSAPI authenticated and
+ encrypted syslog messages.
--- orig/rsyslog-3.18.1/debian/rsyslog.install 2008-07-31 11:57:28.0
-0700
+++ rsyslog-3.18.1/debian/rsyslog.install 2008-07-31 11:49:43.0
-0700
@@ -1,6 +1,14 @@
debian/rsyslog.conf /etc/
debian/tmp/usr/sbin/
debian/tmp/usr/share/man/
-debian/tmp/usr/lib/rsyslog/im*.so
-debian/tmp/usr/lib/rsyslog/lm*.so
+debian/tmp/usr/lib/rsyslog/imfile.so
+debian/tmp/usr/lib/rsyslog/imklog.so
+debian/tmp/usr/lib/rsyslog/immark.so
+debian/tmp/usr/lib/rsyslog/imtcp.so
+debian/tmp/usr/lib/rsyslog/imudp.so
+debian/tmp/usr/lib/rsyslog/imuxsock.so
+debian/tmp/usr/lib/rsyslog/lmnet.so
+debian/tmp/usr/lib/rsyslog/lmregexp.so
+debian/tmp/usr/lib/rsyslog/lmtcpclt.so
+debian/tmp/usr/lib/rsyslog/lmtcpsrv.so
debian/tmp/usr/lib/rsyslog/ommail.so
--- orig/rsyslog-3.18.1/debian/rsyslog-gssapi.install 1969-12-31
16:00:00.0 -0800
+++ rsyslog-3.18.1/debian/rsyslog-gssapi.install2008-07-31
11:46:51.0 -0700
@@ -0,0 +1,3 @@
+debian/tmp/usr/lib/rsyslog/imgssapi.so
+debian/tmp/usr/lib/rsyslog/lmgssutil.so
+debian/tmp/usr/lib/rsyslog/omgssapi.so
pgpr8NhFhAHzl.pgp
Description: PGP signature
Bug#493044: rsyslog: enable gssapi-krb5 authentication
Package: rsyslog Version: 3.18.1-3gss Severity: wishlist I haven't filed many Debian bug reports, hope this ends up in the right place. Please consider enabling GSSAPI input and output in the rsyslog package. The upstream package supports it. Enabling GSSAPI is pretty simple (adding --enable-gssapi-krb5 to the ./configure line). I built a version of the debian package that enables GSSAPI input and output by doing the following: - added --enable-gssapi-krb5 to the ./configure line - adding debian/tmp/usr/lib/rsyslog/omgssapi.so to rsyslog.install GSSAPI is entirely optional (but it's very nice for people who already have a kerberos infrastucture), so it seems reasonable to add the option for rsyslog. Perhaps it might be added as an 'rsyslog-gssapi' sub package. Ben -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22-3-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages rsyslog depends on: ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii libkrb53 1.4.4-7etch6 MIT Kerberos runtime libraries ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip ii zlib1g 1:1.2.3-13compression library - runtime Versions of packages rsyslog recommends: ii logrotate 3.7.1-3Log rotation utility -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
