FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 05-07-2011, 03:14 PM
Stéphane Gaudreault
 
Default krb5

* Replace heimdal by the MIT Kerberos implementation, krb5
* Rebuilded [core] packages :
- librpcsecgss
- libtirpc
- nfs-utils
- openssh

Please signoff both.
Thanks

Stéphane
 
Old 05-07-2011, 03:31 PM
Ionut Biru
 
Default krb5

On 05/07/2011 06:14 PM, Stéphane Gaudreault wrote:

* Replace heimdal by the MIT Kerberos implementation, krb5
* Rebuilded [core] packages :
- librpcsecgss
- libtirpc
- nfs-utils
- openssh

Please signoff both.
Thanks

Stéphane


it will be nice to run db-update and then db-move staging testing krb5

/home/stephane/staging/staging:
krb5-1.9.1-1-i686.pkg.tar.xz krb5-1.9.1-1-x86_64.pkg.tar.xz


--
IonuÈ›
 
Old 05-07-2011, 09:15 PM
Ray Kohler
 
Default krb5

On Sat, May 7, 2011 at 11:14 AM, Stéphane Gaudreault
<stephane@archlinux.org> wrote:
> * Replace heimdal by the MIT Kerberos implementation, krb5
> * Rebuilded [core] packages :
> *- librpcsecgss
> *- libtirpc
> *- nfs-utils
> *- openssh
>
> Please signoff both.
> Thanks
>
> Stéphane

I see a regression versus heimdal here. Do this:

1. Set up krb5.conf to enable proxiable and forwardable tickets
2. Set up ~/.ssh/config to enable "GSSAPIAuthentication" and
"GSSAPIDelegateCredentials"
3. Use "kinit" from this krb5 package to get a new TGT
4. Use the ssh client from this openssh rebuild to connect to a server
that support GSSAPI auth

On some, but not all, ssh server implementations, GSSAPI auth will
fail, and it will fall back to password auth. The server will log
this:

sshd[3822]: Forcing password authentication because no credentials delegated

When using the heimdal-based builds, GSSAPI auth would work in all cases.

It's entirely likely that only very old ssh servers show this problem,
as that's what I'm seeing so far. Possibly there is some confusion
with the new "Okay as delegate" ticket flag, which heimdal didn't
support at all, and MIT krb5 only supports enough to parse and report,
but has no support for setting.

I don't consider this important enough to block the release of these
packages, but I wanted to mention it in case someone else cares more
than me.
 
Old 05-08-2011, 03:28 AM
Allan McRae
 
Default krb5

On 08/05/11 01:14, Stéphane Gaudreault wrote:

* Replace heimdal by the MIT Kerberos implementation, krb5
* Rebuilded [core] packages :
- librpcsecgss
- libtirpc
- nfs-utils
- openssh

Please signoff both.
Thanks



openssh still works, as do other packages that I have updated for this
rebuild. I do not use any actual kerberos stuff though...


Signoff i686,
Allan
 
Old 05-08-2011, 09:16 AM
Thomas Bächler
 
Default krb5

Am 07.05.2011 17:14, schrieb Stéphane Gaudreault:
> * Replace heimdal by the MIT Kerberos implementation, krb5
> * Rebuilded [core] packages :
> - librpcsecgss
> - libtirpc
> - nfs-utils
> - openssh
>
> Please signoff both.
> Thanks
>
> Stéphane

I can't use firefox. I cannot restore my old session. Creating a new
session works, but as soon as I want to open a serious website, it
segfaults. I suspect it is due to this update series which I ran last night:

[2011-05-08 02:12] upgraded libmysqlclient (5.5.11-1 -> 5.5.12-1)
[2011-05-08 02:12] upgraded mysql-clients (5.5.11-1 -> 5.5.12-1)
[2011-05-08 02:12] upgraded mysql (5.5.11-1 -> 5.5.12-1)
[2011-05-08 02:12] upgraded akonadi (1.5.2-1 -> 1.5.3-1)
[2011-05-08 02:12] upgraded bind (9.8.0-1 -> 9.8.0.P1-1)
[2011-05-08 02:12] installed krb5 (1.9.1-1)
[2011-05-08 02:12] upgraded gnutls (2.12.3-1 -> 2.12.4-1)
[2011-05-08 02:12] upgraded libcups (1.4.6-1 -> 1.4.6-2)
[2011-05-08 02:12] upgraded gtk-update-icon-cache (2.24.4-1 -> 2.24.4-2)
[2011-05-08 02:12] upgraded gtk2 (2.24.4-1 -> 2.24.4-2)
[2011-05-08 02:13] upgraded chromium (11.0.696.57-1 -> 11.0.696.65-1)
[2011-05-08 02:13] upgraded cifs-utils (4.9-2 -> 4.9-3)
[2011-05-08 02:13] upgraded cups (1.4.6-1 -> 1.4.6-2)
[2011-05-08 02:13] upgraded cvs (1.11.23-6 -> 1.11.23-7)
[2011-05-08 02:13] upgraded dconf (0.7.3-2 -> 0.7.4-1)
[2011-05-08 02:13] upgraded dnsutils (9.8.0-1 -> 9.8.0.P1-1)
[2011-05-08 02:13] upgraded evolution-data-server (3.0.1-1 -> 3.0.1-2)
[2011-05-08 02:13] upgraded ffmpeg (20110330-1 -> 20110330-2)
[2011-05-08 02:13] upgraded ghostscript (9.02-1 -> 9.02-2)
[2011-05-08 02:13] upgraded gsasl (1.5.4-1 -> 1.5.4-2)
[2011-05-08 02:13] upgraded gtk3 (3.0.9-1 -> 3.0.9-2)
[2011-05-08 02:13] >>please run /usr/sbin/cups-genppdupdate
[2011-05-08 02:13] >>and restart cups deamon
[2011-05-08 02:13] upgraded gutenprint (5.2.7-1 -> 5.2.7-2)
[2011-05-08 02:13] upgraded kdelibs (4.6.3-1 -> 4.6.3-2)
[2011-05-08 02:13] upgraded librpcsecgss (0.19-4 -> 0.19-5)
[2011-05-08 02:13] upgraded libsamplerate (0.1.7-1 -> 0.1.7-2)
[2011-05-08 02:13] upgraded libtirpc (0.2.1-2 -> 0.2.1-3)
[2011-05-08 02:13] upgraded libwpd (0.9.1-1 -> 0.9.2-1)
[2011-05-08 02:13] upgraded neon (0.29.3-2 -> 0.29.3-3)
[2011-05-08 02:13] upgraded nfs-utils (1.2.2-6 -> 1.2.3-1)
[2011-05-08 02:13] upgraded openssh (5.8p2-3 -> 5.8p2-4)
[2011-05-08 02:13] upgraded phonon-gstreamer (4.5.0-1 -> 4.5.1-1)
[2011-05-08 02:13] upgraded qscintilla (2.5.1-1 -> 2.5.1-2)
[2011-05-08 02:13] upgraded smbclient (3.5.8-2 -> 3.5.8-3)
[2011-05-08 02:13] upgraded samba (3.5.8-2 -> 3.5.8-3)
[2011-05-08 02:13] upgraded subversion (1.6.15-1 -> 1.6.15-2)
[2011-05-08 02:13] upgraded wget (1.12-5 -> 1.12-7)
[2011-05-08 02:13] upgraded wireshark-cli (1.4.6-1 -> 1.4.6-2)
[2011-05-08 02:13] upgraded wireshark-gtk (1.4.6-1 -> 1.4.6-2)

gtk2 got updated, which seems the only one related to firefox.
 
Old 05-08-2011, 09:43 AM
Thomas Bächler
 
Default krb5

Am 08.05.2011 11:16, schrieb Thomas Bächler:
> Am 07.05.2011 17:14, schrieb Stéphane Gaudreault:
>> * Replace heimdal by the MIT Kerberos implementation, krb5
>> * Rebuilded [core] packages :
>> - librpcsecgss
>> - libtirpc
>> - nfs-utils
>> - openssh
>>
>> Please signoff both.
>> Thanks
>>
>> Stéphane
>
> I can't use firefox. I cannot restore my old session. Creating a new
> session works, but as soon as I want to open a serious website, it
> segfaults. I suspect it is due to this update series which I ran last night:
>
> [...]
> [2011-05-08 02:13] upgraded dconf (0.7.3-2 -> 0.7.4-1)

This was actually the dconf update, which is not krb5 related.
 
Old 05-08-2011, 10:07 AM
Andrea Scarpino
 
Default krb5

On Saturday 07 May 2011 11:14:27 Stéphane Gaudreault wrote:
> * Replace heimdal by the MIT Kerberos implementation, krb5
> * Rebuilded [core] packages :
> - librpcsecgss
> - libtirpc
> - nfs-utils
> - openssh
no signoff.

nfs-utils is broken:
# /etc/rc.d/nfs-server start
:: Mounting nfsd filesystem
[DONE]
:: Exporting all directories
[DONE]
:: Starting rpc.nfsd daemon
[DONE]
:: Starting rpc.mountd daemon
[BUSY] /usr/sbin/rpc.mountd: bad version number: 1
Usage: /usr/sbin/rpc.mountd [-F|--foreground] [-h|--help] [-v|--version] [-d
kind|--debug kind]
[-o num|--descriptors num] [-f exports-file|--exports-file=file]
[-p|--port port] [-V version|--nfs-version version]
[-N version|--no-nfs-version version] [-n|--no-tcp]
[-H ha-callout-prog] [-s|--state-directory-path path]
[-g|--manage-gids] [-t num|--num-threads=num]
[FAIL]
--
Andrea
 
Old 05-08-2011, 10:11 AM
Andrea Scarpino
 
Default krb5

On Sunday 08 May 2011 12:07:18 Andrea Scarpino wrote:
> no signoff.
>
> nfs-utils is broken:
> # /etc/rc.d/nfs-server start
>
> :: Mounting nfsd filesystem
>
> [DONE]
>
> :: Exporting all directories
>
> [DONE]
>
> :: Starting rpc.nfsd daemon
>
> [DONE]
>
> :: Starting rpc.mountd daemon
>
> [BUSY] /usr/sbin/rpc.mountd: bad version number: 1
> Usage: /usr/sbin/rpc.mountd [-F|--foreground] [-h|--help] [-v|--version] [-d
> kind|--debug kind]
> [-o num|--descriptors num] [-f exports-file|--exports-file=file]
> [-p|--port port] [-V version|--nfs-version version]
> [-N version|--no-nfs-version version] [-n|--no-tcp]
> [-H ha-callout-prog] [-s|--state-directory-path path]
> [-g|--manage-gids] [-t num|--num-threads=num]
>
>
> [FAIL]
Changing line 21 in /etc/conf.d/nfs-server.conf with:
MOUNTD_OPTS="--no-nfs-version 2"
fixed it.

--
Andrea
 
Old 05-08-2011, 01:48 PM
Stéphane Gaudreault
 
Default krb5

Le 8 mai 2011 06:11:06, Andrea Scarpino a écrit :
> On Sunday 08 May 2011 12:07:18 Andrea Scarpino wrote:
> > no signoff.
> >
> > nfs-utils is broken:
> > # /etc/rc.d/nfs-server start
> >
> > :: Mounting nfsd filesystem
> >
> > [DONE]
> >
> > :: Exporting all directories
> >
> > [DONE]
> >
> > :: Starting rpc.nfsd daemon
> >
> > [DONE]
> >
> > :: Starting rpc.mountd daemon
> >
> > [BUSY] /usr/sbin/rpc.mountd: bad version number: 1
> > Usage: /usr/sbin/rpc.mountd [-F|--foreground] [-h|--help] [-v|--version]
> > [-d kind|--debug kind]
> >
> > [-o num|--descriptors num] [-f exports-file|--exports-file=file]
> > [-p|--port port] [-V version|--nfs-version version]
> > [-N version|--no-nfs-version version] [-n|--no-tcp]
> > [-H ha-callout-prog] [-s|--state-directory-path path]
> > [-g|--manage-gids] [-t num|--num-threads=num]
> >
> > [FAIL]
>
> Changing line 21 in /etc/conf.d/nfs-server.conf with:
> MOUNTD_OPTS="--no-nfs-version 2"
> fixed it.

Fixed.
 
Old 05-10-2011, 06:15 PM
Stéphane Gaudreault
 
Default krb5

Le 7 mai 2011 23:28:31, Allan McRae a écrit :
> On 08/05/11 01:14, Stéphane Gaudreault wrote:
> > * Replace heimdal by the MIT Kerberos implementation, krb5
> >
> > * Rebuilded [core] packages :
> > - librpcsecgss
> > - libtirpc
> > - nfs-utils
> > - openssh
> >
> > Please signoff both.
> > Thanks
>
> openssh still works, as do other packages that I have updated for this
> rebuild. I do not use any actual kerberos stuff though...
>
> Signoff i686,
> Allan

Anyone else for x86_64 ?
 

Thread Tools




All times are GMT. The time now is 07:40 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org