[CalendarServer-users] Kerberos and install on OmniOS (illumos)
Andre LaBranche
dre at apple.com
Sun Nov 9 11:59:44 PST 2014
Hi,
Are you using python 2.6? I think trunk requires python 2.7. This isn’t very well documented at present.
http://trac.calendarserver.org/browser/CalendarServer/trunk/HACKING.rst <http://trac.calendarserver.org/browser/CalendarServer/trunk/HACKING.rst> says 2.6, but I’m pretty sure that is out-dated.
However, the new (woefully incomplete, barely started) admin guide says to use python2.7:
http://trac.calendarserver.org/browser/CalendarServer/trunk/doc/Admin/Guide.rst <http://trac.calendarserver.org/browser/CalendarServer/trunk/doc/Admin/Guide.rst> (this doc isn’t yet linked from the web).
Please retry with python2.7. Once I confirm that 2.7 is required, I’ll update the HACKING doc.
-dre
> On Nov 9, 2014, at 10:51 AM, Olaf Marzocchi <lists at marzocchi.net> wrote:
>
> In bin/build.sh I had to change line 515 from “Cyrus SASL” to “Cyrus_SASL” to have the compilation start.
> In line 517 I added --disable-gssapi
>
> These two changes made Cyrus IMAP compile.
>
> I had to export PATH=/usr/gnu/bin:$PATH and to install the package gnu-tar to be able to proceed with setuptools-5.4.1.
>
> At a certain point,
>
>> Installed /export/home/olaf/src/CalendarServer/trunk/.develop/ve_tools/lib/virtualenv-1.11.6-py2.6.egg
>> Processing dependencies for virtualenv==1.11.6
>> Finished processing dependencies for virtualenv==1.11.6
>> New python executable in /export/home/olaf/src/CalendarServer/trunk/.develop/virtualenv/bin/python2.6
>> Also creating executable in /export/home/olaf/src/CalendarServer/trunk/.develop/virtualenv/bin/python
>> ERROR: The executable /export/home/olaf/src/CalendarServer/trunk/.develop/virtualenv/bin/python2.6 is not functioning
>> ERROR: It thinks sys.prefix is u'/export/home/olaf/src/CalendarServer/trunk' (should be u'/export/home/olaf/src/CalendarServer/trunk/.develop/virtualenv')
>> ERROR: virtualenv is not compatible with this system or executable
>
>
> And I’m not sure how to proceed further.
>
> Could you tell me how to proceed?
>
> Thanks
> Olaf
>
>
>
>> Il giorno 05/nov/2014, alle ore 23:11, Andre LaBranche <dre at apple.com <mailto:dre at apple.com>> ha scritto:
>>
>> On Nov 5, 2014, at 1:55 PM, Olaf Marzocchi <lists at marzocchi.net <mailto:lists at marzocchi.net>> wrote:
>>>
>>> Dear Andre,
>>> I checked out today the latest version (revision 14134) and i tried the compilation again but the issue is the same.
>>> I suppose you haven’t updated the source code with the “right flags”. If you provide me with them, I will try the compilation and report back.
>>
>> I haven’t had a chance to do this, and really it’s a question for OmniOS and / or Kerberos hackers.
>>
>> It would probably be easier to simply disable kerberos support in Calendar Server if you don’t need it. To do this:
>>
>> 1) Edit requirements-stable.txt to comment out the line that declares the dependency on PyKerberos.
>>
>> # -e svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@13420#egg=kerberos <svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@13420#egg=kerberos>
>>
>> 2) Run ./bin/develop again
>>
>> 3) Make sure none of your server config plists try to activate Kerberos by setting the Authentication --> Kerberos --> Enabled key to false.
>>
>> <!-- Kerberos/SPNEGO -->
>> <key>Kerberos</key>
>> <dict>
>> <key>Enabled</key>
>> <false/>
>> </dict>
>>
>> 4) Start server with ./bin/run -n
>>
>> At startup, the server logs about the configured authentication backends with the “calendarserver.tap.util" prefix, at log level “info”. In the below log snippet, my server has 4 authentication styles enabled, and kerberos is disabled.
>>
>> 2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: basic
>> 2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: clientcertificate
>> 2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: digest
>> 2014-11-05 14:06:42-0800 [-] [calendarserver.tap.util#info] Setting up scheme: wiki
>>
>> Please let me know if this works for you. There is a fair chance that you will hit another roadblock after clearing this one :)
>>
>> Cheers,
>> -dre
>>
>>>
>>> Thanks,
>>> Olaf
>>>
>>>
>>>
>>>> Il giorno 07/ott/2014, alle ore 23:56, Andre LaBranche <dre at apple.com <mailto:dre at apple.com>> ha scritto:
>>>>
>>>> Looks like maybe OmniOS's included kerberos installation was not configured to use gss. As you have noted, gssapi is provided separately from kerberos-v5, and is also part of the default installation.
>>>>
>>>> vagrant at omnios-vagrant:~/pykerberos-1.1.5$ krb5-config --cflags
>>>> -I/usr/include/kerberosv5
>>>>
>>>> vagrant at omnios-vagrant:~/pykerberos-1.1.5$ ls /usr/include/gssapi/
>>>> gssapi_ext.h gssapi.h
>>>>
>>>> Maybe I can rebuild it with the right flags…
>>>>
>>>> -dre
>>>>
>>>>> On Oct 7, 2014, at 11:58 AM, Andre LaBranche <dre at apple.com <mailto:dre at apple.com>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I’m grabbing an OmniOS ISO to try this in a VM. I have very little solaris experience, so we’ll see how it goes :)
>>>>>
>>>>> It seems that something about your kerberos installation is different from what PyKerbeors expects.
>>>>>
>>>>> Since you mentioned iOS and OS X clients, you might consider simply disabling kerberos in the Calendar Server setup, since the native clients at least do not support it (I’m not sure if Android clients support kerberos).
>>>>>
>>>>> I see your post on the OmniOS forum… hopefully they can help.
>>>>>
>>>>> -dre
>>>>>
>>>>>> On Oct 5, 2014, at 4:57 AM, Olaf Marzocchi <lists at marzocchi.net <mailto:lists at marzocchi.net>> wrote:
>>>>>>
>>>>>> Hello again,
>>>>>> may I ask again if someone is able to help me with the issue? my only alternative is to abandon CalendarServer.
>>>>>>
>>>>>> Regards,
>>>>>> Olaf Marzocchi
>>>>>>
>>>>>>
>>>>>>
>>>>>> Il giorno 14/set/2014, alle ore 12:44, Olaf Marzocchi <lists at marzocchi.net <mailto:lists at marzocchi.net>> ha scritto:
>>>>>>
>>>>>>>
>>>>>>> Dear all,
>>>>>>> I am preparing a server based on OmniOS (kernel illumos), let’s say the successor of OpenIndiana (OpenSolaris) and I would like to offer CalDAV/CardDAV to the users. I chose calendarserver because the users use iOS, OS X, Android.
>>>>>>>
>>>>>>> I run “python setup.py” and everything runs well (I just needed to put the GNU tar in the path before the one provided by OmniOS/illumos) until PyKerberos.
>>>>>>>
>>>>>>> ------
>>>>>>> ~/CalendarServer/CalendarServer-5.2 $ ./run -s
>>>>>>>
>>>>>>> Using built libevent.
>>>>>>>
>>>>>>> Using built memcached.
>>>>>>>
>>>>>>> Using built PostgreSQL.
>>>>>>>
>>>>>>> Using built OpenLDAP.
>>>>>>>
>>>>>>> Using built libffi.
>>>>>>>
>>>>>>> Using system version of setuptools.
>>>>>>>
>>>>>>> Building Zope Interface...
>>>>>>>
>>>>>>> Using system version of pyOpenSSL.
>>>>>>>
>>>>>>> Building PyKerberos...
>>>>>>>
>>>>>>> gcc: error: /usr/bin/krb5-config:: No such file or directory
>>>>>>> gcc: error: Unknown: No such file or directory
>>>>>>> gcc: error: option: No such file or directory
>>>>>>> gcc: error: `gssapi': No such file or directory
>>>>>>> gcc: error: use: No such file or directory
>>>>>>> gcc: error: `--help': No such file or directory
>>>>>>> gcc: error: for: No such file or directory
>>>>>>> gcc: error: usage: No such file or directory
>>>>>>> gcc: error: unrecognized command line option '--'
>>>>>>> error: command 'gcc' failed with exit status 1
>>>>>>>
>>>>>>> ~/CalendarServer/CalendarServer-5.2 $ cd ../PyKerberos
>>>>>>>
>>>>>>> ~/CalendarServer/PyKerberos $ python setup.py build
>>>>>>>
>>>>>>> running build
>>>>>>> running build_ext
>>>>>>> building 'kerberos' extension
>>>>>>> gcc -m64 -fno-strict-aliasing -std=c99 -m64 -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -I/usr/include/python2.6 -c src/kerberos.c -o build/temp.solaris-2.11-i86pc-2.6/src/kerberos.o /usr/bin/krb5-config: Unknown option `gssapi' -- use `--help' for usage
>>>>>>> gcc: error: /usr/bin/krb5-config:: No such file or directory
>>>>>>> gcc: error: Unknown: No such file or directory
>>>>>>> gcc: error: option: No such file or directory
>>>>>>> gcc: error: `gssapi': No such file or directory
>>>>>>> gcc: error: use: No such file or directory
>>>>>>> gcc: error: `--help': No such file or directory
>>>>>>> gcc: error: for: No such file or directory
>>>>>>> gcc: error: usage: No such file or directory
>>>>>>> gcc: error: unrecognized command line option '--'
>>>>>>> error: command 'gcc' failed with exit status 1
>>>>>>>
>>>>>>> ~/src/CalendarServer/PyKerberos $ krb5-config --all --libs —cflags
>>>>>>>
>>>>>>> Version: Solaris Kerberos (based on MIT Kerberos 5 release 1.6.3)
>>>>>>> Vendor: Sun Microsystems, Inc.
>>>>>>> Prefix: /usr
>>>>>>> Exec_prefix: /usr
>>>>>>> -I/usr/include/kerberosv5
>>>>>>> -L/usr/lib -R/usr/lib -lkrb5
>>>>>>> ------
>>>>>>>
>>>>>>> As you can see, “gssapi” does not show up when requested with
>>>>>>> extra_link_args = commands.getoutput("krb5-config --libs gssapi").split(),
>>>>>>> even if the gssapi packages are installed (I never tested Kerberos though):
>>>>>>> ------
>>>>>>> ~/src/CalendarServer/PyKerberos $ pkg search gssapi
>>>>>>>
>>>>>>> INDEX ACTION VALUE PACKAGE
>>>>>>> pkg.summary set GSSAPI CONFIG V2 pkg:/service/security/gss at 0.5.11-0.151010
>>>>>>> pkg.summary set GSSAPI V2 pkg:/system/library/security/gss at 0.5.11-0.151010
>>>>>>> pkg.summary set kernel GSSAPI V2 pkg:/system/kernel/security/gss at 0.5.11-0.151010
>>>>>>> basename dir usr/include/gssapi pkg:/system/header at 0.5.11-0.151010
>>>>>>>
>>>>>>> ~/src/CalendarServer/PyKerberos $ pkg info pkg:/service/security/gss at 0.5.11-0.151010 pkg:/system/library/security/gss at 0.5.11-0.151010 pkg:/system/kernel/security/gss at 0.5.11-0.151010 pkg:/system/header at 0.5.11-0.151010
>>>>>>>
>>>>>>> Name: service/security/gss
>>>>>>> Summary: GSSAPI CONFIG V2
>>>>>>> Description: Generic Security Service Application Program Interface, Version
>>>>>>> 2 - config
>>>>>>> Category: System/Security
>>>>>>> State: Installed
>>>>>>> Publisher: omnios
>>>>>>> Version: 0.5.11
>>>>>>> Build Release: 5.11
>>>>>>> Branch: 0.151010
>>>>>>> Packaging Date: Mon Apr 28 19:28:56 2014
>>>>>>> Size: 17.53 kB
>>>>>>> FMRI: pkg://omnios/service/security/gss@0.5.11,5.11-0.151010:20140428T192856Z <pkg://omnios/service/security/gss@0.5.11,5.11-0.151010:20140428T192856Z>
>>>>>>>
>>>>>>> Name: system/header
>>>>>>> Summary: SunOS Header Files
>>>>>>> Description: SunOS C/C++ header files for general development of software
>>>>>>> Category: System/Core
>>>>>>> State: Installed
>>>>>>> Publisher: omnios
>>>>>>> Version: 0.5.11
>>>>>>> Build Release: 5.11
>>>>>>> Branch: 0.151010
>>>>>>> Packaging Date: Mon Apr 28 19:29:16 2014
>>>>>>> Size: 12.19 MB
>>>>>>> FMRI: pkg://omnios/system/header@0.5.11,5.11-0.151010:20140428T192916Z <pkg://omnios/system/header@0.5.11,5.11-0.151010:20140428T192916Z>
>>>>>>>
>>>>>>> Name: system/kernel/security/gss
>>>>>>> Summary: kernel GSSAPI V2
>>>>>>> Description: Generic Security Service Application Program Interface, Version
>>>>>>> 2 - kernel
>>>>>>> Category: System/Security
>>>>>>> State: Installed
>>>>>>> Publisher: omnios
>>>>>>> Version: 0.5.11
>>>>>>> Build Release: 5.11
>>>>>>> Branch: 0.151010
>>>>>>> Packaging Date: Mon Apr 28 19:29:21 2014
>>>>>>> Size: 335.22 kB
>>>>>>> FMRI: pkg://omnios/system/kernel/security/gss@0.5.11,5.11-0.151010:20140428T192921Z <pkg://omnios/system/kernel/security/gss@0.5.11,5.11-0.151010:20140428T192921Z>
>>>>>>>
>>>>>>> Name: system/library/security/gss
>>>>>>> Summary: GSSAPI V2
>>>>>>> Description: Generic Security Service Application Program Interface, Version
>>>>>>> 2 - user
>>>>>>> Category: System/Security
>>>>>>> State: Installed
>>>>>>> Publisher: omnios
>>>>>>> Version: 0.5.11
>>>>>>> Build Release: 5.11
>>>>>>> Branch: 0.151010
>>>>>>> Packaging Date: Mon Apr 28 19:29:26 2014
>>>>>>> Size: 687.41 kB
>>>>>>> FMRI: pkg://omnios/system/library/security/gss@0.5.11,5.11-0.151010:20140428T192926Z <pkg://omnios/system/library/security/gss@0.5.11,5.11-0.151010:20140428T192926Z>
>>>>>>> ------
>>>>>>>
>>>>>>>
>>>>>>> Could anyone help me with the issue?
>>>>>>>
>>>>>>> Thanks
>>>>>>> Olaf Marzocchi
>>>>>>
>>>>>> _______________________________________________
>>>>>> calendarserver-users mailing list
>>>>>> calendarserver-users at lists.macosforge.org <mailto:calendarserver-users at lists.macosforge.org>
>>>>>> https://lists.macosforge.org/mailman/listinfo/calendarserver-users <https://lists.macosforge.org/mailman/listinfo/calendarserver-users>
>>>>>
>>>>> _______________________________________________
>>>>> calendarserver-users mailing list
>>>>> calendarserver-users at lists.macosforge.org <mailto:calendarserver-users at lists.macosforge.org>
>>>>> https://lists.macosforge.org/mailman/listinfo/calendarserver-users <https://lists.macosforge.org/mailman/listinfo/calendarserver-users>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20141109/8da42631/attachment-0001.html>
More information about the calendarserver-users
mailing list