On 2009-08-12 20:29, Yaakov (Cygwin/X) wrote: > On 12/08/2009 14:55, Alec Kloss wrote: > >I'm not having much luck with heimdal-1.2.1 from cygwin-ports trunk > >on Cygwin 1.7 beta. This is all downloaded today. cygwin-ports > >revision 7337. > > 1) If patch(1) is segfaulting, something else is wrong with your > installation.
Hrm... there appears to be some problems with the filesystem in cygwin 1.7. I was working on an OpenAFS volume where patch was segfaulting. Working on a NTFS volume doesn't segfault. Unfortunately, I'm still having trouble with heimdal-1.2.1-1.cygport. Running "cygport heimdal-1.2.1-1.cygport" results in: >>> Preparing heimdal-1.2.1-1 *** Info: SOURCE 1 signature follows: gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Mon Jul 28 07:33:35 2008 CDT using DSA key ID 45D901D8 gpg: Can't check signature: public key not found >>> Unpacking source heimdal-1.2.1.tar.gz *** Info: applying patch 001_all_heimdal-no_libedit.patch: patching file cf/krb-readline.m4 *** Info: applying patch 003_all_heimdal-rxapps.patch: patching file appl/kx/rxtelnet.in Hunk #1 succeeded at 2 with fuzz 1. patching file appl/kx/rxterm.in Hunk #1 succeeded at 2 with fuzz 1. *** Info: applying patch 014_all_heimdal-path.patch: *** Info: applying patch 022_all_heimdal-as-needed.patch: patching file lib/roken/Makefile.am Hunk #1 succeeded at 110 (offset 3 lines). patching file lib/editline/Makefile.am *** Info: applying patch heimdal-r23238-kb5_locl_h-wind_h.patch: patching file lib/krb5/Makefile.am *** Info: applying patch heimdal-r23235-kb5-libwind_la.patch: *** Info: applying patch heimdal-kdc-sans_pkinit.patch: patching file kdc/Makefile.am *** Info: applying patch heimdal-system_sqlite.patch: *** Info: applying patch heimdal-symlinked-manpages.patch: *** Info: applying patch heimdal-autoconf-ipv6-backport.patch: patching file cf/krb-ipv6.m4 patching file lib/roken/mini_inetd.c *** ERROR: patch 1.2.1-no-editline.patch will not apply > 2) Why is your cygport(1) under /usr/local? The cygport packages that > are part of the distro (curr. 0.9.9) install under /usr. I compiled my own from the Subversion trunk sources. I also just installed the cygport binary and it behaves exactly the same way. > >I've had success compiling Heimdal 1.2 directly and linking openssh > >to it to get GSSAPI authentication working but it seems like > >getting cygwin-ports to do the work would be a better solution. > > The major difference if you built heimdal OOTB is that you have only > static libraries; the Ports .cygport makes shared libs as well. That's true. > I just uploaded the binary packages here: > > ftp://ftp.cygwinports.org/pub/cygwinports/release-2/heimdal/ > > You'll have to download them manually for now. Hrm, these must be cygwin packages; just untarring them doesn't appear to be sufficient. Pointing Cygwin's setup-1.7.exe at ftp://ftp.cygwinports.org/pub/cygwinports/ seems to download the setup-2.bz2 file, but I the setup-2.bz2.sig doesn't survive the signature testing. I'm (obviously) no cygwin packaging expert so if someone can give me a hint about this, that'd be great. > One reason I haven't ITP'd this build is because I have no means of > testing it in real world scenarios. 'make check' did pass, so that's > promising, but I need someone else who is familiar with KRB5 to tell me > it really works (or tell me how else I could test it). I can probably find some time to test a small installation. I'd think most users would just want the client tools and the GSSAPI integration in sshd to work. I'd be a little surprised if someone wanted to run a KDC under cygwin, but one never knows. The earlier poster had openssh linked against MIT Kerberos for Windows. This has a significant advantage over linking for heimdal in that KfW can use the MSLSA ticket cache. This means a user could sit at a workstation, log in using their Windows domain username and password, click the cygwin icon, type "ssh myfavoriteserver" and be logged in without any additional password prompting. I don't think heimdal can access the MSLSA cache, so... someone needs to think about if/when a kerberized openssh is included in cygwin if it should link against cygwin-compiled heimdal or against MIT KfW. -- Alec Kloss a...@setfilepointer.com IM: daemona...@gmail.com PGP key at http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA241980E "No Bunny!" -- Simon, http://wiki.adultswim.com/xwiki/bin/Frisky+Dingo/Simon
pgpy6oE7PlKBV.pgp
Description: PGP signature
