[KLUG Members] Kerberos

Jeremy Leonard Lists at elite4god.com
Wed Sep 21 12:13:36 EDT 2005


Adam Tauno Williams wrote:

>>>>>> I'm trying to set up Kerberos Authentication for Apache2 on SLES9.
>>>>>> I've been unable to find rpm's or successfully compile an auth 
>>>>>> mod for Apache2.
>>>>>> I decided to use pam_auth_mod and configure pam to use kerberos.
>>>>>> The problem I'm running into is this.
>>>>>> When I log in to the system either using pam or via apache the 
>>>>>> request never gets sent to the Kerberos server unless there is an 
>>>>>> existing local account in passwd. Then even if there is a local 
>>>>>> account kerberos auth still fails.
>>>>>
>>>>> What are you using for NSS?
>>>>
>>> Kerberos is an authorization/authentication system; it is not a name
>>> service.  It must be used in conjunction with a name service - so you
>>> can setup LDAP or <trembles/> NIS.
>>
>> I don't have the option for either. This is a college that's part of 
>> a larger university.
>> The university runs a kerberos server with all the faculty and 
>> students. Over 100,000 users.
>> They don't offer LDAP or NIS. Only Kerberos.
>
>
> Really?  I'd double check as it is VERY VERY hard to imagine a network of
> 100,000 users without an operational name service (I mean - how would anything
> work?  Perhaps they use Active Directory?  An NT domain?  Both of these provide
> a name service.)
>
>> What I'm really looking for is web auth. I only started looking at 
>> pam because SLES9 doesn't come with mod_kerb and I couldn't find a 
>> suitable RPM for it. Meaning one that works.
>
>
> Ah,  without a name service I think you are out of luck as far as PAM goes - at
> least without using some spooky incantations that are going to make your system
> impossible to maintain.  You should be able to make mod_kerb work,  but probably
> not anything PAM related.
>
> Aside:  I'm not sure how PAM auth works via Apache, but if you can specify a PAM
> service name and make a separate PAM stack with only an authenticate line and no
> session or account entries.... MAYBE that would work?
>
I've given up on using PAM. I got it to perform the kerberos query but 
pam returns un-authenticated.

I'm now trying to compile mod_auth_krb5 for apache2.

Here is what I'm getting:

When I run ./configure I get this:

checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking whether make sets $(MAKE)... yes
checking for main in -lresolv... yes
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for unistd.h... (cached) yes
checking for size_t... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking for krb5_init_context in -lkrb5... no
checking for krb5_init_context in -lkrb5... (cached) no
checking for krb5_init_context in -lkrb5... (cached) no
checking for Kerberos4 installation... no
configure: error: No Kerberos enviroment found

config.log:
---------snippet-------------
configure:3306: checking for krb5_init_context in -lkrb5
configure:3337: gcc -o conftest -g -O2   conftest.c -lkrb5   -L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lresolv -lresolv >&5
/usr/lib/gcc-lib/i586-suse-linux/3.3.3/../../../../i586-suse-linux/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
configure:3340: $? = 1
---------end snippet-------------


I can't seem to get beyond this.
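
Added example, not part of the original post: the configure summary above ends in "No Kerberos enviroment found", while the config.log excerpt shows the krb5_init_context probe failing at link time on -lcrypto. The shell function below pulls each "cannot find -l..." linker error out of a config.log and pairs it with the check that was running. The names missing_libs and sample_log are assumptions made for this example, and the sample input is the excerpt quoted above with its wrapped lines rejoined.

```shell
#!/bin/sh
# Added example (not from the original post): list the libraries the linker
# could not find in an autoconf config.log, next to the check being run.

# missing_libs FILE  ->  prints "<library><TAB><check>" once per distinct pair
missing_libs() {
    awk '
        # Remember the most recent "configure:NNNN: checking ..." line.
        /^configure:[0-9]+: checking / {
            check = $0
            sub(/^configure:[0-9]+: checking /, "", check)
            next
        }
        # GNU ld reports an unresolvable -l flag as "cannot find -l<name>".
        {
            line = $0
            while (match(line, /cannot find -l[A-Za-z0-9_+.-]+/)) {
                lib = substr(line, RSTART + 14, RLENGTH - 14)
                key = lib "\t" check
                if (!(key in seen)) { seen[key] = 1; print key }
                line = substr(line, RSTART + RLENGTH)
            }
        }
    ' "$1"
}

# sample_log: the config.log excerpt quoted in the post, wrapped lines rejoined.
sample_log() {
    cat <<'EOF'
configure:3306: checking for krb5_init_context in -lkrb5
configure:3337: gcc -o conftest -g -O2   conftest.c -lkrb5   -L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lresolv -lresolv >&5
/usr/lib/gcc-lib/i586-suse-linux/3.3.3/../../../../i586-suse-linux/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
configure:3340: $? = 1
EOF
}

# Usage: sh missing_libs.sh config.log   (no argument: run on the sample)
if [ "$#" -gt 0 ]; then
    missing_libs "$1"
else
    tmp=$(mktemp) && sample_log > "$tmp" && missing_libs "$tmp"; rm -f "$tmp"
fi
```

On the sample it prints `crypto` followed by the check `for krb5_init_context in -lkrb5`, which shows that the Kerberos probe was reported as failed because of a different library on the link line.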

