heimdal-1.6rc2

heimdal-1.6rc2

Love Hörnquist Åstrand-5
Hello

Heimdal-1.6rc2 was uploaded to the ftp/http server earlier this morning.


You can find source code here, I’ll upload Mac OSX packages this evening.

        http://www.h5l.org/dist/src/heimdal-1.6rc2.tar.gz

You can find windows packages here (no windows related changes in rc2, so rc1 build available).

        http://www.secure-endpoints.com/heimdal/

Please test and report issues.



heimdal-1.6rc2 - Preliminary Test Results

Sergio NNX
> Heimdal-1.6rc2 was uploaded to the ftp/http server earlier this morning.
> Please test and report issues.

Thanks for this.

Preliminary Test Results

Compiler: GCC 4.7.2

lib/asn1

- check-template FAILS with: 'decoding of seqof3 2 failed 12'

lib/krb5

- store-test FAILS        (runtime exception if KRB5_CONFIG not set !)

Program received signal SIGSEGV, Segmentation fault.
0x00404808 in krb5_free_context ()
(gdb) bt
#0  0x00404808 in krb5_free_context ()
#1  0x0061183e in main ()

When 'make check' is run within lib/krb5, KRB5_CONFIG env var is not set, causing almost all tests
to fail!

I'm not an English native speaker. However, I don't think the below 'clauses' are proper English:

- 'submissing new requests to new host'

- 'KDC send 0 patypes'

- 'writing packet'

- 'reading packet'

Some spelling mistakes (several occurrences within the source code tree):

- 'certifiate with a public key'

- 'usage missing from certifiate'


More to come!

Cheers.

heimdal-1.6rc2 - Preliminary Test Results - Cont'd

Sergio NNX
Hi all,

Just to report a runtime exception when running 'kadmin/add_random_users'
It always segfaults irrespective of the setup.

Backtrace details

[New Thread 2052.0x334]
[New Thread 2052.0x5c8]

Program received signal SIGSEGV, Segmentation fault.
0x00402075 in kadm5_s_init_with_context.isra.0 ()
(gdb) bt
#0  0x00402075 in kadm5_s_init_with_context.isra.0 ()
#1  0x0073c816 in main ()

Cheers.

Sergio.

heimdal-1.6rc2 - 'make clean'

Sergio NNX
Ciao.

Just to confirm whether this is the intended behaviour:

a) make clean (after a successful 'make all')
b) make all

This is what you get:

make[2]: Entering directory `/src/heimdal-1.6rc2/lib/base'
  CC       array.lo
In file included from array.c:36:0:
baselocl.h:68:26: fatal error: heim_threads.h: No such file or directory
compilation terminated.
make[2]: *** [array.lo] Error 1
make[2]: Leaving directory `/src/heimdal-1.6rc2/lib/base'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/src/heimdal-1.6rc2/lib'
make: *** [all-recursive] Error 1


Apparently, the 'make clean' command deletes a couple of header files. However, they are needed by 'make all'.

Cheers.

Sergio.

Re: heimdal-1.6rc2 - 'make clean'

Ken Dreyer-2
On Tue, Feb 25, 2014 at 2:48 PM, Sergio NNX <[hidden email]> wrote:
> Ciao.
>
> Just to confirm whether this is the intended behaviour:

The behavior is not intentional, but no one's contributed patches to
fix "make clean" to work properly.

The alternate solutions are to build out of tree or use "git clean
-xfd". There was some discussion about this on the Heimdal email list
back in August 2013.

- Ken

Re: heimdal-1.6rc2 - Preliminary Test Results

Nico Williams
In reply to this post by Sergio NNX
What operating system is this on?

Re: heimdal-1.6rc2 - 'make clean'

Nico Williams
In reply to this post by Ken Dreyer-2
How about we make configure.ac to error out when srcdir and objdir are
the same...?

Nico
--

Re: heimdal-1.6rc2 - 'make clean'

Love Hörnquist Åstrand
Or rename the files to .hin and always copy them, need help to get that working on windows though.

Sent from my iPad

> On 26 Feb 2014, at 21:31, "Nico Williams" <[hidden email]> wrote:
>
> How about we make configure.ac to error out when srcdir and objdir are
> the same...?
>
> Nico
> --

RE: heimdal-1.6rc2 - 'make clean'

Sergio NNX
> Or rename the files to .hin and always copy them, need help to get that working on windows though.

There are quite a few things which need fixing/improving on several platforms, I must sadly confirm! (We are getting there though)
Just you mention Mr. Bill G..., I have installed the MSI package from here: http://www.secure-endpoints.com/heimdal/, as advised on a previous email. To my surprise, it contains only one executable. The same website mentions/lists several client tool utilities, such as: klist, and so on. Do you know, by any chance, where they can be downloaded from?
Besides, when I run that 'solo' executable, it doesn't do anything!

Unfortunately, I'm unable to fix issues and/or contribute patches since I'm just a 'mere' user with limited/basic knowledge about autotools, C language, etc. Having said that, I do my best at testing and reporting. I have noticed that some open source projects seem to be very good at testing their project(s) on different platforms/architectures. For instance, have a look at this website: http://curl.haxx.se/download.html


Thanks for this great project.

Sergio.

Re: heimdal-1.6rc2 - 'make clean'

Jeffrey Altman-2
On 2/27/2014 6:12 AM, Sergio NNX wrote:
>> Or rename the files to .hin and always copy them, need help to get
>> that working on windows though.

Renaming these files to .hin will not break the Windows build.

> There are quite a few things which need fixing/improving on several
> platforms, I must sadly confirm! (We are getting there though)
> Just you mention Mr. Bill G..., I have installed the MSI package from
> here: http://www.secure-endpoints.com/heimdal/, as advised on a previous
> email. To my surprise, it contains only one executable. The same website
> mentions/lists several client tool utilities, such as: klist, and so on.
> Do you know, by any chance, where they can be downloaded from?

All executables are included in the installer.

> Besides, when I run that 'solo' executable, it doesn't do anything!

It would help if you specified what executable you are describing.  I am
not familiar with any executable called "solo.exe".

This is from the installation of the 64-bit Heimdal 1.6 pre2 installer
on 64-bit Windows 7.

[C:\Program Files\Heimdal\bin]dir *.exe

 Volume in drive C is Windows7_OS    Serial number is 2cd5:1fe0
 Directory of  C:\Program Files\Heimdal\bin\*.exe

 2/24/2014   6:58          66,400  heimtools.exe
 2/24/2014   6:59         150,880  kadmin.exe
 2/24/2014   6:58          33,120  kcpytkt.exe
 2/24/2014   6:58          33,120  kdeltkt.exe
 2/24/2014   6:58          33,632  kdestroy.exe
 2/24/2014   6:58          55,136  kdigest.exe
 2/24/2014   6:58          61,280  kinit.exe
 2/24/2014   6:58          66,400  klist.exe
 2/24/2014   6:59          34,144  kpasswd.exe
 2/24/2014   6:58          66,400  kswitch.exe
 2/24/2014   6:59          72,544  ktutil.exe
 2/24/2014   6:58          34,656  kvno.exe
           707,712 bytes in 12 files and 0 dirs    737,280 bytes allocated
   294,833,025,024 bytes free



Heimdal/OpenLDAP Integration

Sergio NNX
Ciao all,

This is the very first time I'm attempting integration between Heimdal 1.6.2.0 & OpenLDAP 2.4.39. Ergo, bear with me!

I'm following this guide here: http://www.h5l.org/manual/HEAD/info/heimdal/Using-LDAP-to-store-the-database.html

OpenLDAP is up and running. Then, when I try to create the database, using kadmin, I get the following:

kadmin -l -r TEST.H5L.SE
kadmin> init TEST.H5L.SE
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: create_random_entry(krbtgt/[hidden email]): randkey failed: ldap_add_ext_s: krbtgt/[hidden email] (DN=krb5PrincipalName=krbtgt/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
kadmin: create_random_entry(kadmin/[hidden email]): randkey failed: ldap_add_ext_s: kadmin/[hidden email] (DN=krb5PrincipalName=kadmin/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
kadmin: create_random_entry(kadmin/[hidden email]): randkey failed: ldap_add_ext_s: kadmin/[hidden email] (DN=krb5PrincipalName=kadmin/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
kadmin: create_random_entry(changepw/[hidden email]): randkey failed: ldap_add_ext_s: changepw/[hidden email] (DN=krb5PrincipalName=changepw/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
kadmin: create_random_entry(kadmin/[hidden email]): randkey failed: ldap_add_ext_s: kadmin/[hidden email] (DN=krb5PrincipalName=kadmin/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
kadmin: create_random_entry(WELLKNOWN/[hidden email]): randkey failed: ldap_add_ext_s: WELLKNOWN/[hidden email] (DN=krb5PrincipalName=WELLKNOWN/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation:object class 'inetOrgPerson' requires attribute 'sn'
kadmin: create_random_entry(WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L): randkey failed: ldap_add_ext_s: WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L (DN=krb5PrincipalName=WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L,ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
kadmin: kadm5_create_principal: ldap_add_ext_s: [hidden email] (DN=krb5PrincipalName=[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'

Note that if I don't use LDAP, the above command works fine.

Please, help!

Thanks in advance.

Sergio.

Re: Heimdal/OpenLDAP Integration

Joakim Fallsjo-2
Hi,

Try commenting out

[kdc]database/hdb-ldap-structural-object = inetOrgPerson

The default should then be 'account' for Kerberos objects.

/JockeF

On 28 Feb 2014, at 17:33 , Sergio NNX <[hidden email]> wrote:

> Ciao all,
>
> This is the very first time I'm attempting integration between Heimdal 1.6.2.0 & OpenLDAP 2.4.39. Ergo, bear with me!
>
> I'm following this guide here: http://www.h5l.org/manual/HEAD/info/heimdal/Using-LDAP-to-store-the-database.html
>
> OpenLDAP is up and running. Then, when I try to create the database, using kadmin, I get the following:
>
> kadmin -l -r TEST.H5L.SE
> kadmin> init TEST.H5L.SE
> Realm max ticket life [unlimited]:
> Realm max renewable ticket life [unlimited]:
> kadmin: create_random_entry(krbtgt/[hidden email]): randkey failed: ldap_add_ext_s:krbtgt/[hidden email](DN=krb5PrincipalName=krbtgt/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: create_random_entry(kadmin/[hidden email]): randkey failed: ldap_add_ext_s:kadmin/[hidden email](DN=krb5PrincipalName=kadmin/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: create_random_entry(kadmin/[hidden email]): randkey failed: ldap_add_ext_s:kadmin/[hidden email](DN=krb5PrincipalName=kadmin/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: create_random_entry(changepw/[hidden email]): randkey failed: ldap_add_ext_s:changepw/[hidden email](DN=krb5PrincipalName=changepw/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: create_random_entry(kadmin/[hidden email]): randkey failed: ldap_add_ext_s:kadmin/[hidden email](DN=krb5PrincipalName=kadmin/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: create_random_entry(WELLKNOWN/[hidden email]): randkey failed: ldap_add_ext_s:WELLKNOWN/[hidden email](DN=krb5PrincipalName=WELLKNOWN/[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation:object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: create_random_entry(WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L): randkey failed: ldap_add_ext_s: WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L (DN=krb5PrincipalName=WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L,ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
> kadmin: kadm5_create_principal: ldap_add_ext_s: [hidden email](DN=krb5PrincipalName=[hidden email],ou=Kerberos,dc=example,dc=com) Object class violation: object class 'inetOrgPerson' requires attribute 'sn'
>
> Note that if I don't use LDAP, the above command works fine.
>
> Please, help!
>
> Thanks in advance.
>
> Sergio.
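
The change suggested in the reply above, written out as an added example that is not part of the original thread: a `[kdc]` database section of `krb5.conf` with the structural object class override disabled. The `dbname` suffix is taken from the DNs in the error output; the `acl_file` and `mkey_file` paths are placeholders.

```ini
[kdc]
	database = {
		# Suffix taken from the DNs in the kadmin error output above.
		dbname = ldap:ou=Kerberos,dc=example,dc=com

		# Before: every principal entry is created as an inetOrgPerson,
		# which the directory rejects because no 'sn' attribute is supplied.
		# hdb-ldap-structural-object = inetOrgPerson

		# After: with the override commented out, the default structural
		# object class ('account', per the reply above) is used instead.

		# Placeholder paths (assumptions, not from the thread).
		acl_file = /path/to/kadmind.acl
		mkey_file = /path/to/mkey
	}
```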


RE: Heimdal/OpenLDAP Integration

Sergio NNX
> Try commenting out
>
> [kdc]database/hdb-ldap-structural-object = inetOrgPerson
>
> The default should then be 'account' for Kerberos objects.

You are bloody (sorry) right, JockeF. After reading that online guide again, I figured it out. Thanks.

Another newbie question. At the moment, my OpenLDAP server doesn't have SASL support. Which are the binding options? Should I enable SASL? TLS? Is there any updated guide/wiki out there I could have a look at?

Thanks again.

Sergio.

Re: Heimdal/OpenLDAP Integration

Henry B Hotz

On Feb 28, 2014, at 10:04 AM, Sergio NNX <[hidden email]> wrote:

> Try commenting out
> 
> [kdc]database/hdb-ldap-structural-object = inetOrgPerson
> 
> The default should then be 'account' for Kerberos objects.

> You are bloody (sorry) right, JockeF. After reading that online guide again, I figured it out. Thanks.
>
> Another newbie question. At the moment, my OpenLDAP server doesn't have SASL support. Which are the binding options? Should I enable SASL? TLS? Is there any updated guide/wiki out there I could have a look at?

Full disclosure: I don't like using an LDAP back-end.

I generically recommend you enable SASL, since it allows you to use GSSAPI/Kerberos to control access to LDAP. That said, if the LDAP is on the same machine as Kerberos, and ldapi:// is the only access allowed, then you don't need it.

> Thanks again.
>
> Sergio.

Personal email.  [hidden email]




heimdal-1.6 ? [was: heimdal-1.6rc2]

Fredrik Pettai
In reply to this post by Love Hörnquist Åstrand-5

Hi,

On Feb 19, 2014, at 01:37 , Love Hörnquist Åstrand <[hidden email]> wrote:

> Hello
>
> Heimdal-1.6rc2 was uploaded to the ftp/http server earlier this morning.
>
>
> You can find source code here, I’ll upload Mac OSX packages this evening.
>
> http://www.h5l.org/dist/src/heimdal-1.6rc2.tar.gz
>
> You can find windows packages here (no windows related changes in rc2, so rc1 build available).
>
> http://www.secure-endpoints.com/heimdal/
>
> Please test and report issues.


It has been some time since 1.6rc2 was released… is there something still in the way of doing the final release of 1.6?

Re,
/P