Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

does not support MIT krb5 1.20 #6306

Closed
tjaalton opened this issue Aug 17, 2022 · 7 comments
Closed

does not support MIT krb5 1.20 #6306

tjaalton opened this issue Aug 17, 2022 · 7 comments
Labels
Closed: Fixed Issue was closed as fixed.

Comments

@tjaalton
Copy link

the pac responder isn't built:

checking for supported MIT krb5 version... no
configure: WARNING: Cannot build authdata plugin with this version of
MIT Kerberos, please use 1.9.x or later
@tjaalton
Copy link
Author

modifying pac_responder.m4 to recognize 1.20 at least allows it to build fine, but I have no way to test if it works

@sumit-bose
Copy link
Contributor

Hi,

thanks for the reminder, I'll check the MIT Kerberos 1.20 code to see if there are any changes. The reason for the check is that we use an API which isn't public yet.

bye,
Sumit

@alexey-tikhonov
Copy link
Member

@jrisc, when do you plan to bring 1.20 to Fedora?

@jrisc
Copy link

jrisc commented Aug 17, 2022

I am not releasing it for now because some changes in the KDB driver are breaking FreeIPA build. We are working to fix that before the branching for Fedora 38.

Here is a Copr repo with 1.20 builds for Fedora:
https://copr.fedorainfracloud.org/coprs/jrische/krb5-1.20/

@sumit-bose
Copy link
Contributor

Hi,

there is a small change to authdata_plugin.h in krb5/krb5@789a4d3 from @pbrezina.

Effectively we already use a const here but currently trick the compiler to ignore it by setting name as

((void *)((uintptr_t)("sssd_sssdpac")))

in src/sss_client/sssd_pac.c. So it would be possible to ignore this change and just allow 1.20 in pac_responder.m4.

As an alternative we can additionally include the change and remove the casting magic. Since we use our own header file and the MIT Kerberos code treated the name as const in older versions I think there are no issues with older version of MIT Kerberos.

I tend to the latter, any comments?

bye,
Sumit

@pbrezina
Copy link
Member

The latter sounds fine.

sumit-bose added a commit to sumit-bose/sssd that referenced this issue Aug 19, 2022
@sumit-bose
BUILD: Accept krb5 1.19 for building the PAC plugin
4117a2c 
Additionally following MIT Kerberos the 'name' member of struct
krb5plugin_authdata_client_ftable_v0 is made 'const' and the related
code to set the name is simplified.

Resolves: SSSD#6306
@sumit-bose sumit-bose mentioned this issue Aug 19, 2022
Closed
sumit-bose added a commit to sumit-bose/sssd that referenced this issue Aug 19, 2022
@sumit-bose
BUILD: Accept krb5 1.20 for building the PAC plugin
523b039 
Additionally following MIT Kerberos the 'name' member of struct
krb5plugin_authdata_client_ftable_v0 is made 'const' and the related
code to set the name is simplified.

Resolves: SSSD#6306
@pbrezina
Copy link
Member

Pushed PR: #6312

  • master
    • abd8966 - BUILD: Accept krb5 1.20 for building the PAC plugin

@pbrezina pbrezina added the Closed: Fixed Issue was closed as fixed. label Aug 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Closed: Fixed Issue was closed as fixed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BUILD: Accept krb5 1.20 for building the PAC plugin sumit-bose/sssd
5 participants
@tjaalton @sumit-bose @pbrezina @alexey-tikhonov @jrisc