[CalendarServer-users] Kerberos and install on OmniOS (illumos)
Andre LaBranche
dre at apple.com
Wed Nov 5 14:11:48 PST 2014
> On Nov 5, 2014, at 1:55 PM, Olaf Marzocchi <lists at marzocchi.net> wrote:
>
> Dear Andre,
> I checked out today the latest version (revision 14134) and i tried the compilation again but the issue is the same.
> I suppose you haven’t updated the source code with the “right flags”. If you provide me with them, I will try the compilation and report back.
I haven’t had a chance to do this, and really it’s a question for OmniOS and / or Kerberos hackers.
It would probably be easier to simply disable kerberos support in Calendar Server if you don’t need it. To do this:
1) Edit requirements-stable.txt to comment out the line that declares the dependency on PyKerberos.
# -e svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@13420#egg=kerberos
2) Run ./bin/develop again
3) Make sure none of your server config plists try to activate Kerberos by setting the Authentication --> Kerberos --> Enabled key to false.
<!-- Kerberos/SPNEGO -->
<key>Kerberos</key>
<dict>
<key>Enabled</key>
<false/>
</dict>
4) Start server with ./bin/run -n
At startup, the server logs about the configured authentication backends with the “calendarserver.tap.util" prefix, at log level “info”. In the below log snippet, my server has 4 authentication styles enabled, and kerberos is disabled.
2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: basic
2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: clientcertificate
2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: digest
2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: wiki
Please let me know if this works for you. There is a fair chance that you will hit another roadblock after clearing this one :)
Cheers,
-dre
>
> Thanks,
> Olaf
>
>
>
>> Il giorno 07/ott/2014, alle ore 23:56, Andre LaBranche <dre at apple.com> ha scritto:
>>
>> Looks like maybe OmniOS's included kerberos installation was not configured to use gss. As you have noted, gssapi is provided separately from kerberos-v5, and is also part of the default installation.
>>
>> vagrant at omnios-vagrant:~/pykerberos-1.1.5$ krb5-config --cflags
>> -I/usr/include/kerberosv5
>>
>> vagrant at omnios-vagrant:~/pykerberos-1.1.5$ ls /usr/include/gssapi/
>> gssapi_ext.h gssapi.h
>>
>> Maybe I can rebuild it with the right flags…
>>
>> -dre
>>
>>> On Oct 7, 2014, at 11:58 AM, Andre LaBranche <dre at apple.com> wrote:
>>>
>>> Hi,
>>>
>>> I’m grabbing an OmniOS ISO to try this in a VM. I have very little solaris experience, so we’ll see how it goes :)
>>>
>>> It seems that something about your kerberos installation is different from what PyKerbeors expects.
>>>
>>> Since you mentioned iOS and OS X clients, you might consider simply disabling kerberos in the Calendar Server setup, since the native clients at least do not support it (I’m not sure if Android clients support kerberos).
>>>
>>> I see your post on the OmniOS forum… hopefully they can help.
>>>
>>> -dre
>>>
>>>> On Oct 5, 2014, at 4:57 AM, Olaf Marzocchi <lists at marzocchi.net> wrote:
>>>>
>>>> Hello again,
>>>> may I ask again if someone is able to help me with the issue? my only alternative is to abandon CalendarServer.
>>>>
>>>> Regards,
>>>> Olaf Marzocchi
>>>>
>>>>
>>>>
>>>> Il giorno 14/set/2014, alle ore 12:44, Olaf Marzocchi <lists at marzocchi.net> ha scritto:
>>>>
>>>>>
>>>>> Dear all,
>>>>> I am preparing a server based on OmniOS (kernel illumos), let’s say the successor of OpenIndiana (OpenSolaris) and I would like to offer CalDAV/CardDAV to the users. I chose calendarserver because the users use iOS, OS X, Android.
>>>>>
>>>>> I run “python setup.py” and everything runs well (I just needed to put the GNU tar in the path before the one provided by OmniOS/illumos) until PyKerberos.
>>>>>
>>>>> ------
>>>>> ~/CalendarServer/CalendarServer-5.2 $ ./run -s
>>>>>
>>>>> Using built libevent.
>>>>>
>>>>> Using built memcached.
>>>>>
>>>>> Using built PostgreSQL.
>>>>>
>>>>> Using built OpenLDAP.
>>>>>
>>>>> Using built libffi.
>>>>>
>>>>> Using system version of setuptools.
>>>>>
>>>>> Building Zope Interface...
>>>>>
>>>>> Using system version of pyOpenSSL.
>>>>>
>>>>> Building PyKerberos...
>>>>>
>>>>> gcc: error: /usr/bin/krb5-config:: No such file or directory
>>>>> gcc: error: Unknown: No such file or directory
>>>>> gcc: error: option: No such file or directory
>>>>> gcc: error: `gssapi': No such file or directory
>>>>> gcc: error: use: No such file or directory
>>>>> gcc: error: `--help': No such file or directory
>>>>> gcc: error: for: No such file or directory
>>>>> gcc: error: usage: No such file or directory
>>>>> gcc: error: unrecognized command line option '--'
>>>>> error: command 'gcc' failed with exit status 1
>>>>>
>>>>> ~/CalendarServer/CalendarServer-5.2 $ cd ../PyKerberos
>>>>>
>>>>> ~/CalendarServer/PyKerberos $ python setup.py build
>>>>>
>>>>> running build
>>>>> running build_ext
>>>>> building 'kerberos' extension
>>>>> gcc -m64 -fno-strict-aliasing -std=c99 -m64 -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -I/usr/include/python2.6 -c src/kerberos.c -o build/temp.solaris-2.11-i86pc-2.6/src/kerberos.o /usr/bin/krb5-config: Unknown option `gssapi' -- use `--help' for usage
>>>>> gcc: error: /usr/bin/krb5-config:: No such file or directory
>>>>> gcc: error: Unknown: No such file or directory
>>>>> gcc: error: option: No such file or directory
>>>>> gcc: error: `gssapi': No such file or directory
>>>>> gcc: error: use: No such file or directory
>>>>> gcc: error: `--help': No such file or directory
>>>>> gcc: error: for: No such file or directory
>>>>> gcc: error: usage: No such file or directory
>>>>> gcc: error: unrecognized command line option '--'
>>>>> error: command 'gcc' failed with exit status 1
>>>>>
>>>>> ~/src/CalendarServer/PyKerberos $ krb5-config --all --libs —cflags
>>>>>
>>>>> Version: Solaris Kerberos (based on MIT Kerberos 5 release 1.6.3)
>>>>> Vendor: Sun Microsystems, Inc.
>>>>> Prefix: /usr
>>>>> Exec_prefix: /usr
>>>>> -I/usr/include/kerberosv5
>>>>> -L/usr/lib -R/usr/lib -lkrb5
>>>>> ------
>>>>>
>>>>> As you can see, “gssapi” does not show up when requested with
>>>>> extra_link_args = commands.getoutput("krb5-config --libs gssapi").split(),
>>>>> even if the gssapi packages are installed (I never tested Kerberos though):
>>>>> ------
>>>>> ~/src/CalendarServer/PyKerberos $ pkg search gssapi
>>>>>
>>>>> INDEX ACTION VALUE PACKAGE
>>>>> pkg.summary set GSSAPI CONFIG V2 pkg:/service/security/gss at 0.5.11-0.151010
>>>>> pkg.summary set GSSAPI V2 pkg:/system/library/security/gss at 0.5.11-0.151010
>>>>> pkg.summary set kernel GSSAPI V2 pkg:/system/kernel/security/gss at 0.5.11-0.151010
>>>>> basename dir usr/include/gssapi pkg:/system/header at 0.5.11-0.151010
>>>>>
>>>>> ~/src/CalendarServer/PyKerberos $ pkg info pkg:/service/security/gss at 0.5.11-0.151010 pkg:/system/library/security/gss at 0.5.11-0.151010 pkg:/system/kernel/security/gss at 0.5.11-0.151010 pkg:/system/header at 0.5.11-0.151010
>>>>>
>>>>> Name: service/security/gss
>>>>> Summary: GSSAPI CONFIG V2
>>>>> Description: Generic Security Service Application Program Interface, Version
>>>>> 2 - config
>>>>> Category: System/Security
>>>>> State: Installed
>>>>> Publisher: omnios
>>>>> Version: 0.5.11
>>>>> Build Release: 5.11
>>>>> Branch: 0.151010
>>>>> Packaging Date: Mon Apr 28 19:28:56 2014
>>>>> Size: 17.53 kB
>>>>> FMRI: pkg://omnios/service/security/gss@0.5.11,5.11-0.151010:20140428T192856Z
>>>>>
>>>>> Name: system/header
>>>>> Summary: SunOS Header Files
>>>>> Description: SunOS C/C++ header files for general development of software
>>>>> Category: System/Core
>>>>> State: Installed
>>>>> Publisher: omnios
>>>>> Version: 0.5.11
>>>>> Build Release: 5.11
>>>>> Branch: 0.151010
>>>>> Packaging Date: Mon Apr 28 19:29:16 2014
>>>>> Size: 12.19 MB
>>>>> FMRI: pkg://omnios/system/header@0.5.11,5.11-0.151010:20140428T192916Z
>>>>>
>>>>> Name: system/kernel/security/gss
>>>>> Summary: kernel GSSAPI V2
>>>>> Description: Generic Security Service Application Program Interface, Version
>>>>> 2 - kernel
>>>>> Category: System/Security
>>>>> State: Installed
>>>>> Publisher: omnios
>>>>> Version: 0.5.11
>>>>> Build Release: 5.11
>>>>> Branch: 0.151010
>>>>> Packaging Date: Mon Apr 28 19:29:21 2014
>>>>> Size: 335.22 kB
>>>>> FMRI: pkg://omnios/system/kernel/security/gss@0.5.11,5.11-0.151010:20140428T192921Z
>>>>>
>>>>> Name: system/library/security/gss
>>>>> Summary: GSSAPI V2
>>>>> Description: Generic Security Service Application Program Interface, Version
>>>>> 2 - user
>>>>> Category: System/Security
>>>>> State: Installed
>>>>> Publisher: omnios
>>>>> Version: 0.5.11
>>>>> Build Release: 5.11
>>>>> Branch: 0.151010
>>>>> Packaging Date: Mon Apr 28 19:29:26 2014
>>>>> Size: 687.41 kB
>>>>> FMRI: pkg://omnios/system/library/security/gss@0.5.11,5.11-0.151010:20140428T192926Z
>>>>> ------
>>>>>
>>>>>
>>>>> Could anyone help me with the issue?
>>>>>
>>>>> Thanks
>>>>> Olaf Marzocchi
>>>>
>>>> _______________________________________________
>>>> calendarserver-users mailing list
>>>> calendarserver-users at lists.macosforge.org
>>>> https://lists.macosforge.org/mailman/listinfo/calendarserver-users
>>>
>>> _______________________________________________
>>> calendarserver-users mailing list
>>> calendarserver-users at lists.macosforge.org
>>> https://lists.macosforge.org/mailman/listinfo/calendarserver-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20141105/e5ee8330/attachment-0001.html>
More information about the calendarserver-users
mailing list