Heimdal 7.1 release announcement.

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Heimdal 7.1 release announcement.

Viktor.Dukhovni
Dear Heimdal Community,

A team consisting of staff from Two Sigma Open Source and AuriStor are
pleased to announce the release of Heimdal 7.1.

The release download page is:

    https://github.com/heimdal/heimdal/releases/tag/heimdal-7.1.0

The source tarball can be downloaded from:

    https://github.com/heimdal/heimdal/releases/download/heimdal-7.1.0/heimdal-7.1.0.tar.gz
    https://github.com/heimdal/heimdal/releases/download/heimdal-7.1.0/heimdal-7.1.0.tar.gz.sig

    SHA256(heimdal-7.1.0.tar.gz)= cee58ab3a4ce79f243a3e73f465dac19fe2b93ef1c5ff244d6f1d689fedbde2d
    SHA1(heimdal-7.1.0.tar.gz)= 72d79c7c6953047f3949a5f7d03c20237ff69c69

The signature key fingerprint is: E659 41B7 1CF3 C459 A34F  A89C 45E7 572A 28CD 8CC8

Why 7?

    We are adopting a new versioning scheme.

        o  Each feature release will have a new major number.

        o  The minor will be a patch level.  A value of 0 is
           reserved for release candidates.  A value of 99 is
           reserved for development.

        o  Stable releases will not have a micro number (always 0).

        o  Micro numbers will be incremented in release candidates
           and development as needed.

    For example, the release candidates for 7.1 were 7.0.1, 7.0.2 and
    All bug fixes will then be 7.2, 7.3, etc.

    New development for Heimdal 8 will be 7.99.1, 7.99.2, 7.99.3, etc.

    When the next feature release is issued its version number will
    start with 8.0.1 as the first release candidate and the first
    release will be 8.1.

Major changes in Heimdal 7:

    We have a lot of major improvements since our last official
    release, including:

        o  hcrypto is now thread safe on all platforms and
           as much as possible hcrypto now uses the operating
           system's preferred crypto implementation ensuring
           that optimized hardware assisted implementations of
           AES-NI are used.

        o  RFC 6113 Generalized Framework for Kerberos
           Pre-Authentication (FAST).

        o  Hierarchical capath support

        o  iprop has been revamped to fix a number of race
           conditions that could lead to inconsistent replication.

        o  The KDC process now uses a multi-process model improving
           resiliency and performance.

        o  AES Encryption with HMAC-SHA2 for Kerberos 5
           draft-ietf-kitten-aes-cts-hmac-sha2-11

        o  Moved kadmin and ktutil to /usr/bin

        o  Stricter fcache checks (see fcache_strict_checking krb5.conf setting)

        o  Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
           telnet, xnlock

    For a more detailed list of changes please see:

        https://github.com/heimdal/heimdal/blob/master/NEWS

    which contains a bullet point summary of the major security,
    feature and bug fix changes that have been applied to the Heimdal
    source tree over the last four years since the release of 1.5.3.

    We expect that the ABI for libgssapi and libkrb5 is unchanged from
    the prior release (1.5.3).

Credits:

    At least the following individuals have contributed to Heimdal 7,
    (please pardon any omissions):

    Abhinav Upadhyay        Heath Kehoe             Nico Williams
    Andreas Schneider       Henry Jacques           Patrik Lundin
    Andrew Bartlett         Howard Chu              Philip Boulain
    Andrew Tridgell         Igor Sobrado            Ragnar Sundblad
    Antoine Jacoutot        Ingo Schwarze           Remi Ferrand
    Arran Cudbard-Bell      Jakub Čajka             Rod Widdowson
    Arvid Requate           James Le Cuirot         Rok Papež
    Asanka Herath           James Lee               Roland C. Dowdeswell
    Ben Kaduk               Jeffrey Altman          Ross L Richardson
    Benjamin Kaduk          Jeffrey Clark           Russ Allbery
    Bernard Spil            Jeffrey Hutzelman       Samuel Cabrero
    Brian May               Jelmer Vernooij         Samuel Thibault
    Chas Williams           Ken Dreyer              Santosh Kumar Pradhan
    Chaskiel Grundman       Kiran S J               Sean Davis
    Dana Koch               Kumar Thangavelu        Sergio Gelato
    Daniel Schepler         Landon Fuller           Simon Wilkinson
    David Mulder            Linus Nordberg          Stef Walter
    Douglas Bagnall         Love Hörnquist Åstrand  Stefan Metzmacher
    Ed Maste                Luke Howard             Steffen Jaeckel
    Eray Aslan              Magnus Ahltorp          Timothy Pearson
    Florian Best            Marc Balmer             Tollef Fog Heen
    Fredrik Pettai          Marcin Cieślak          Tony Acero
    Greg Hudson             Marco Molteni           Uri Simchoni
    Gustavo Zacarias        Matthieu Hautreux       Viktor Dukhovni
    Günther Deschner        Michael Meffie          Volker Lendecke
    Harald Barth            Moritz Lenz

--
   The Heimdal Release Team.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

7.1 compile errors when using libintl at non standard location (Was: Heimdal 7.1 release announcement)

Harald Barth-2

Compile errors:

../heimdal-7.1.0/configure --with-libintl --with-libintl-include=/usr/local/include --with-libintl-lib=/usr/local/lib --prefix=/usr/heimdal-7.1.0 --disable-kcm --with-openssl --with-openssl-include=/usr/include --with-openssl-lib=/usr/lib --disable-otp --enable-pthread-support --with-readline=/usr/local --with-hdbdir=/var/heimdal --without-berkeley-db --enable-digest --with-ipv6 --enable-kx509 --without-openldap --enable-pk-init --with-sqlite3 --with-sqlite3-include=/usr/local/include --with-sqlite3-lib=/usr/local/lib --with-x --x-libraries=/usr/local/lib --x-includes=/usr/local/include  --localstatedir=/var  --disable-silent-rules

My configure says --with-libintl-include=/usr/local/include but the compile line to array.c does not include a -I/usr/local/include, thus:

libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../../../heimdal-7.1.0/lib/base -I../../include -I../../../heimdal-7.1.0/include -I../../lib/roken -I../../../heimdal-7.1.0/lib/roken -DROKEN_RENAME -D_LARGE_FILES= -Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow -DINET6 -g -O2 -MT array.lo -MD -MP -MF .deps/array.Tpo -c ../../../heimdal-7.1.0/lib/base/array.c  -fPIC -DPIC -o .libs/array.o
In file included from ../../../heimdal-7.1.0/lib/base/array.c:36:
../../../heimdal-7.1.0/lib/base/baselocl.h:47:10: fatal error: 'libintl.h' file
      not found
#include <libintl.h>
         ^
1 error generated.

Workaround: Append to configure 'CFLAGS="-I/usr/local/include"'

Then later there is a link error for some symbol from libintl. So:

Workaround: Append to configure 'LDFLAGS="-L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -lintl"

Looks to me you need to pass what was gathered from the configure
options to the places where needed for the build.

Sorry, I did not have this FreeBSD 11 environment ready when you released the candidates.
Harald.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Heimdal 7.1 and the sqlite backend

Harald Barth-2
In reply to this post by Viktor.Dukhovni

I have "limited" (read "so far no") success in running heimdal with
the sqlite db backend.

I'm trying to get the sqlite backend to work lik this in
/etc/krb5.conf and /var/heimdal/kdc.conf:

[kadmin]
 database = {
    dbname = sqlite:/var/heimdal/heimdal.sqlite
    realm = TEST
 }
 require_preauth = true
[kdc]
 database = {
    dbname = sqlite:/var/heimdal/heimdal.sqlite
    realm = TEST
 }
 require_preauth = true

Which resulted in a file named /var/heimdal/heimdal.sqlite that looks
like an sqlite database and an error when doing the init with kadmin -l:

# kadmin -l
kadmin> init TEST
kadmin: hdb_open: dbopen (/var/heimdal/heimdal): Inappropriate file type or format
kadmin>

So somethiung I'm missing here, help or pointers to documentation how
to set this up appreciated.

Or what alternate backend do think is solid and stable and why? ;-)
I am not planning to use ldap =;-)

Harald.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Quanah Gibson-Mount-2

> Or what alternate backend do think is solid and stable and why? ;-)
> I am not planning to use ldap =;-)

With Heimdal 7.1, you can use LMDB as the backend, the same backend behind OpenLDAP's back-mdb database storage.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 7.1 compile errors when using libintl at non standard location (Was: Heimdal 7.1 release announcement)

Jeffrey Hutzelman
In reply to this post by Harald Barth-2
On December 22, 2016 7:39:24 AM EST, Harald Barth <[hidden email]> wrote:

>My configure says --with-libintl-include=/usr/local/include but the
>compile line to array.c does not include a -I/usr/local/include, thus:

What happens if instead you use --with-libintl=/usr/local ?

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Jeffrey Hutzelman
In reply to this post by Harald Barth-2
On December 22, 2016 8:25:08 AM EST, Harald Barth <[hidden email]> wrote:

>
>I have "limited" (read "so far no") success in running heimdal with
>the sqlite db backend.
>
>I'm trying to get the sqlite backend to work lik this in
>/etc/krb5.conf and /var/heimdal/kdc.conf:
>
>[kadmin]
> database = {
>    dbname = sqlite:/var/heimdal/heimdal.sqlite
>    realm = TEST
> }
> require_preauth = true
>[kdc]
> database = {
>    dbname = sqlite:/var/heimdal/heimdal.sqlite
>    realm = TEST
> }
> require_preauth = true
>
>Which resulted in a file named /var/heimdal/heimdal.sqlite that looks
>like an sqlite database and an error when doing the init with kadmin
>-l:
>
># kadmin -l
>kadmin> init TEST
>kadmin: hdb_open: dbopen (/var/heimdal/heimdal): Inappropriate file
>type or format
>kadmin>
>
>So somethiung I'm missing here, help or pointers to documentation how
>to set this up appreciated.
>
>Or what alternate backend do think is solid and stable and why? ;-)
>I am not planning to use ldap =;-)
>
>Harald.

kadmin -l is not a kdc and probably does not read kdc.conf.  I've not looked at the current code to see how much of this was resolved, but we used to have to patch a bunch of places to get kadmin -l and a bunch of the servers to read kdc.conf.

-- Jeff
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 7.1 compile errors when using libintl at non standard location

Harald Barth-2
In reply to this post by Jeffrey Hutzelman

> What happens if instead you use --with-libintl=/usr/local ?

Stops at same place, no improvement over previous run.

Harald.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Harald Barth-2
In reply to this post by Jeffrey Hutzelman

> kadmin -l is not a kdc and probably does not read kdc.conf. I've not
> looked at the current code to see how much of this was resolved, but
> we used to have to patch a bunch of places to get kadmin -l and a
> bunch of the servers to read kdc.conf.

That's why I copied it to /etc/krb5.conf but I have not analyzed the
config file parsing yet, I hoped someone could provide me with a
working example (/me lazy ;-)

Harald.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Marcin Cieslak-3
On Thu, 22 Dec 2016, Harald Barth wrote:

>
> > kadmin -l is not a kdc and probably does not read kdc.conf. I've not
> > looked at the current code to see how much of this was resolved, but
> > we used to have to patch a bunch of places to get kadmin -l and a
> > bunch of the servers to read kdc.conf.
>
> That's why I copied it to /etc/krb5.conf but I have not analyzed the
> config file parsing yet, I hoped someone could provide me with a
> working example (/me lazy ;-)

I think I've had a similar issue when upgrading to some 1.5 release I believe
and switch the kdc database to sqlite in /etc/krb5.conf

[kdc]
    database = {
        dbname = sqlite:/var/db/heimdal/heimdal
    }

helped me to make it work.

If there is some mismatch between kdc/kadmin defaults it was there earlier.

Marcin
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Nico Williams
In reply to this post by Harald Barth-2
On Thu, Dec 22, 2016 at 09:32:16PM +0100, Harald Barth wrote:
> > kadmin -l is not a kdc and probably does not read kdc.conf. I've not
> > looked at the current code to see how much of this was resolved, but
> > we used to have to patch a bunch of places to get kadmin -l and a
> > bunch of the servers to read kdc.conf.
>
> That's why I copied it to /etc/krb5.conf but I have not analyzed the
> config file parsing yet, I hoped someone could provide me with a
> working example (/me lazy ;-)

Use strace or equivalent to a) make sure that kadmin -l is reading the
correct config file, b) to see what files in /var/heimdal (or wherever)
it's trying to open.  If it reads the correct config file but the wrong
HDB path, that would be surprising.

Nico
--
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Nico Williams
For good measure I'll be running tests in a tree built with ./configure
--with-db-preference=sqlite, which should have the effect of using a
SQLite3 HDB in tests/kdc/check-kadmin.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Nico Williams
On Thu, Dec 22, 2016 at 04:21:59PM -0600, Nico Williams wrote:
> For good measure I'll be running tests in a tree built with ./configure
> --with-db-preference=sqlite, which should have the effect of using a
> SQLite3 HDB in tests/kdc/check-kadmin.

I had to modify tests/kdc/krb5.conf.in to make real sure it used the
sqlite backend, but other than that, it worked.  I used master, not the
release, but I'm certain 7.1 will work too.  I think the key is to make
sure that kadmin -l is using the correct config file.  Look at
tests/kdc/krb5.conf.in for an example of how to specify a backend.

Nico
--
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Henry B (Hank) Hotz, CISSP-2
In reply to this post by Jeffrey Hutzelman

> On Dec 22, 2016, at 8:53 AM, Jeffrey Hutzelman <[hidden email]> wrote:

[. . .]

> kadmin -l is not a kdc and probably does not read kdc.conf.  I've not looked at the current code to see how much of this was resolved, but we used to have to patch a bunch of places to get kadmin -l and a bunch of the servers to read kdc.conf.
>
> — Jeff

+1  I recall the issue. Consistency would be nice.

Personal email.  [hidden email]



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Nico Williams
On Thu, Dec 22, 2016 at 03:18:28PM -0800, Henry B (Hank) Hotz, CISSP wrote:
> > On Dec 22, 2016, at 8:53 AM, Jeffrey Hutzelman <[hidden email]> wrote:
> [. . .]
>
> > kadmin -l is not a kdc and probably does not read kdc.conf.  I've not looked at the current code to see how much of this was resolved, but we used to have to patch a bunch of places to get kadmin -l and a bunch of the servers to read kdc.conf.
> >
> > — Jeff
>
> +1  I recall the issue. Consistency would be nice.

Can we also not just also deprecate kdc.conf?

BTW, this code is in kadmin and kadmind:

184     if (config_file == NULL) {
185         aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
186         if (aret == -1)
187             errx(1, "out of memory");
188     }
189
190     ret = krb5_prepend_config_files_default(config_file, &files);

So if you don't give kadmin -l a -c (--config-file) option, then it will
try reading kdc.conf from the directory listed in the default krb5.conf
in [hdb] db_dir.

Similar -the same, really- code is in kdc, kpasswdd, iprop-log,
ipropd-master, and ipropd-slave.

So, in /etc/krb5.conf you should have this:

[hdb]
    db-dir = /var/heimdal

(or wherever you put your HDB)

and in there you should have a kdc.conf or a symlink to it.

It should just work, though, admittedly, we don't have a test for this.

Nico
--
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 release announcement.

Jelmer Vernooij-2
In reply to this post by Viktor.Dukhovni
Hi Viktor, Nico, Jeffrey,

On Wed, Dec 21, 2016 at 07:04:01PM -0500, [hidden email] wrote:
> Dear Heimdal Community,
>
> A team consisting of staff from Two Sigma Open Source and AuriStor are
> pleased to announce the release of Heimdal 7.1.
Many thanks for picking this up and getting 7.1 out!

Cheers,

Jelmer
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Henry B (Hank) Hotz, CISSP-2
In reply to this post by Nico Williams
Fine by me. Only value I see is being able to use a client krb5.conf on a kdc, which IMO doesn't justify the extra complexity.

Personal email. [hidden email]

> On Dec 23, 2016, at 1:18 PM, Nico Williams <[hidden email]> wrote:
>
> Can we also not just also deprecate kdc.conf?

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Harald Barth-2
In reply to this post by Nico Williams

>> For good measure I'll be running tests in a tree built with ./configure
>> --with-db-preference=sqlite, which should have the effect of using a
>> SQLite3 HDB in tests/kdc/check-kadmin.
>
> I had to modify tests/kdc/krb5.conf.in to make real sure it used the
> sqlite backend, but other than that, it worked.  I used master, not the
> release, but I'm certain 7.1 will work too.

Ehum....

make  check-TESTS check-local
FAIL: loaddump-db
FAIL: add-modify-delete
PASS: check-dbinfo
FAIL: check-aliases
============================================================================
Testsuite summary for Heimdal 7.1.0
============================================================================
# TOTAL: 4
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  3
# XPASS: 0
# ERROR: 0
============================================================================
See tests/db/test-suite.log
Please report to https://github.com/heimdal/heimdal/issues
============================================================================

And there it says:



============================================
   Heimdal 7.1.0: tests/db/test-suite.log
============================================

# TOTAL: 4
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  3
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: loaddump-db
=================

kadmin: No database support for /var/heimdal/heimdal
FAIL loaddump-db (exit status: 1)

FAIL: add-modify-delete
=======================

init database
kadmin: No database support for /var/heimdal/heimdal
FAIL add-modify-delete (exit status: 1)

FAIL: check-aliases
===================

Creating database
kadmin: No database support for /var/heimdal/heimdal
FAIL check-aliases (exit status: 1)

I suspect that this has something to do with it:

# cat dbinfo.out
label: default
        realm: no realm
        dbname: /var/heimdal/heimdal
        mkey_file: /var/heimdal/m-key
        acl_file: /var/heimdal/kadmind.acl

But do I need to set up that file as well? Seems to be broken at least
in the default test environment.

Harald.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Harald Barth-2
In reply to this post by Nico Williams

> So, in /etc/krb5.conf you should have this:
>
> [hdb]
>     db-dir = /var/heimdal
>
> (or wherever you put your HDB)

Sure, and then it gets more and more confusing. I now start the
kdc and the kadmin with -c /etc/krb5.conf and have a symlink
in /var/heimdal/kdc.conf pointing to /etc/krb5.conf.

# /usr/heimdal-7.1.0/libexec/kdc  -c /etc/krb5.conf&
[1] 80459
# /usr/heimdal-7.1.0/bin/kadmin -l -c /etc/krb5.conf
kadmin> get *
kadmin: opening database: dbm_open(/var/heimdal/heimdal): No such file or directory
kadmin: kadm5_get_principals: dbm_open(/var/heimdal/heimdal): No such file or directory
kadmin> init TEST.PDC.KTH.SE
kadmin: hdb_open: hdb_open: failed initialize database /var/heimdal/heimdal
kadmin>

So kadmin is sure doing the wrong thing here

# cat /etc/krb5.conf
[hdb]
  db-dir = /var/heimdal
  dbname = sqlite:/var/heimdal/mydb.sqlite
[kdc]
 database = {
    dbname = sqlite:/var/heimdal/mydb.sqlite
    realm = TEST.PDC.KTH.SE
 }
 require_preauth = true
 enable-http = true
 tgt-use-strongest-session-key = true
 svc-use-strongest-session-key = true
 preauth-use-strongest-session-key = true
 use-strongest-server-key = true
 kdc_warn_pwexpire = 1w
[logging]
 kdc = 0-/FILE:/var/heimdal/kdc.log
 kdc = 0-/SYSLOG:INFO:USER
 default = 0-/FILE:/var/log/heimdal.log

Then I get the following logging from the kdc startup:

2016-12-28T13:57:20 label: default
2016-12-28T13:57:20     dbname: sqlite:/var/heimdal/mydb.sqlite
2016-12-28T13:57:20     mkey_file: sqlite:/var/heimdal/mydb.mkey
2016-12-28T13:57:20     acl_file: /var/heimdal/kadmind.acl

So the problem seems to be that I can not convince kadmin to open the
same database because I don't know what to write in the krb5.conf
to make that happen. I can verify with ktrace that /etc/krb5.conf
(see above) actually is read but then what logic is applied when
parsing - I have not found out how to follow that.

Harald.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 no success with database backend (sqlite and others)

Harald Barth-2

Well, not even when I unconfigure sqlite support it does not pass make check.

Error message: "kadmin: No database support for /var/heimdal/heimdal"

So I suspect that with

#  ./configure --with-libintl --with-libintl-include=/usr/local/include --with-libintl-lib=/usr/local/lib --prefix=/usr/heimdal-7.1.0-lmdb --disable-kcm --with-openssl --with-openssl-include=/usr/include --with-openssl-lib=/usr/lib --disable-otp --enable-pthread-support --with-readline=/usr/local --with-hdbdir=/var/heimdal --without-berkeley-db --enable-digest --with-ipv6 --enable-kx509 --without-openldap --enable-pk-init --without-sqlite3 --with-x --x-libraries=/usr/local/lib --x-includes=/usr/local/include --localstatedir=/var --disable-silent-rules --disable-ndbm-db --enable-mdb-db "CFLAGS=-I/usr/local/include" LDFLAGS="-L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -lintl"

it does produce some kind of broken hdb library that will not pass
make check, at least not om FreeBSD11 :-(

I'll continue in the search for a configure line that actually makes
something that passes make check to start with.

Harald.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Heimdal 7.1 and the sqlite backend

Harald Barth-2
In reply to this post by Harald Barth-2

The more I look at how the database backends are compiled in and
tested, the more puzzled I get.

1. Question:

When compiling with:

$ ../heimdal-7.1.0/configure --with-libintl --with-libintl-include=/usr/local/include --with-libintl-lib=/usr/local/lib --prefix=/usr/heimdal-7.1.0-lmdb --disable-kcm --with-openssl --with-openssl-include=/usr/include --with-openssl-lib=/usr/lib --disable-otp --enable-pthread-support --with-readline=/usr/local --enable-digest --with-ipv6 --enable-kx509 --without-openldap --enable-pk-init --with-sqlite3=/usr/local --with-x --x-libraries=/usr/local/lib --x-includes=/usr/local/include --localstatedir=/var --disable-silent-rules --disable-ndbm-db --enable-lmdb-db --enable-mdb-db CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -lintl

Is the following the expected result?

# /usr/local/src/heimdal-7.1.0-build-lmdb/kdc/kdc --builtin-hdb
builtin hdb backends: db:, db1:, mit-db:, mdb:, lmdb:, keytab:, sqlite:

What's the difference between mdb and lmdb?

2. Question:

What database backends should be tested?
My guess would be "all compiled in". So how do I best get the list
of db backends that should be compiled in?

3. Question:

When specifying a database backend as an argument to a test script,
should it be like "lmdb" or "lmdb:" or "lmdb:,"? The have-db script
is btw broken. IPS?!

oldIFS="$IFS"
IPS=,
set - ${list}
IFS="$oldIFS"

In my current compile all tests in db PASS. But then of course only
lmdb is tested.

4. Question:

The test which loads the text-dump-0.7 has a sed command that removes
stuff at the end of the output before the compare:


${kadmin} dump | sort | sed 's/[0-9]* -$//' > out-text-dump-0.7
sort < ${srcdir}/text-dump-0.7 | sed 's/[0-9]*$//' > out-text-dump-0.7-orig

if the output comes from the sqlite database, the lines are (before
the sed is taking place):

[hidden email] 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/[hidden email] - - - - 86400 604800 254 20050728203748:863727:0

[hidden email] 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/[hidden email] - - - - 86400 604800 254 20050728203748:863727:-1 -


What value is in the end?
Now the sed removes the "0" and the other sed the "1 -". Should the whole "-1 -" be removed?

Harald.
12
Loading...