[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: wip/kstart
Module name: wip
Committed by: jakllsch
Date: Sun Sep 14 18:23:43 UTC 2008
wip/kstart: Makefile distinfo
Update kstart to 3.14.
changes for 3.14:
Add -F and -P options to k5start to force the tickets to not be forwardable
or proxiable, regardless of library defaults. This can be necessary if one's
krb5.conf defaults to forwardable or proxiable tickets but service principals
aren't allowed to get such tickets.
changes for 3.13:
As of this release, k4start should be considered frozen. I will still fix bugs
where possible, but it is no longer tested before releases and new features
added to k5start and krenew will not be added to k4start.
If the environment variable AKLOG is set, use its value as the path to the
aklog program to run when -t is given to k5start or krenew. If AKLOG is set,
always run that program unless -n was given in k4start. This environment
variable replaces the badly-named KINIT_PROG, although KINIT_PROG is still
supported for backward compatibility.
Remove the restriction that -o, -g, and -m may not be used with -K or a
command. The MIT Kerberos libraries have removed the restriction about ticket
cache ownership and this now works properly. However, each authentication
changes the permissions, so reset the ownership and permissions whenever we
renew the cache. Thanks, Howard Wilkinson.
Strip a leading FILE: or WRFILE: prefix from the ticket cache name when
changing the ownership or permissions. Based on a patch from Howard Wilkinson.
Fix a portability problem with Heimdal introduced in the previous release
(Heimdal wants krb5_cc_copy_cache, not krb5_cc_copy_creds). Thanks, Jason White.
Include a dummy object in libportable to avoid build failures on systems that
don't need any portability functions (such as Mac OS X).
changes for 3.12:
krenew, when running a command, first copies the current ticket cache to a
private cache for that command so that it will be unaffected by later
destruction of the cache (such as by user logout). The private cache is
deleted when the command exits.
Fix problems with command-line parsing in k4start and k5start that led to
treating a provided command as a principal in some situations. Allow for
getopt() implementations that don't strip the -- argument if it occurs after
the first non-option (such as on at least older Solaris).
k5start now uses krb5_cc_destroy() rather than unlink to clean up the ticket
cache when necessary.
Fix multiple problems with the libkafs and AFS system call checks on platforms
other than Linux that caused the libraries to leak into the global LIBS and
include checks done without the AFS include paths.
Fix the ordering of LDFLAGS to avoid accidentally linking with the AFS com_err
library and ensure the AFS syscall layer is built with the right CPPFLAGS.
If KRB5_CONFIG was explicitly set in the environment, don't use a different
krb5-config based on --with-krb4 or --with-krb5. If krb5-config isn't
executable, don't use it. This allows one to force library probing by setting
KRB5_CONFIG to point to a nonexistent file.
Sanity-check the results of krb5-config before proceeding and error out in
configure if they don't work.
Fix Autoconf syntax error when probing for libkrb5support.
Thanks, Mike Garrison.
changes for 3.11:
Add a -c option to k4start, k5start, and krenew, which writes out the PID of
the child process when running a command. This is similar to -p, but writes out
the command PID rather than the PID of k4start, k5start, or krenew. Based on a
patch by Sascha Tandel.
Add a -H option to krenew that works similarly to the -H option for k5start:
checking whether the remaining lifetime of the ticket is already long enough,
only renewing if it isn't, and exiting with a status indicating whether the
resulting ticket had a sufficiently long lifetime.
Based on a patch by Gautam Iyer.
Add -o, -g, and -m options to k4start and k5start to set the owner, group,
and mode of the ticket cache after creation. These options cannot be used with
a specified command or with -K since, after making those changes, the Kerberos
library won't permit reading or writing to the ticket cache.
Based on a patch by Howard Wilkinson.
Significantly update the AFS setpag support. The option to build with AFS
setpag support is now --enable-setpag. On most platforms, if libkafs is not
found, kstart uses an internal AFS system call implementation that doesn't
require linking with the AFS libraries. The AFS libraries are used only on
AIX and IRIX. On platforms other than Linux, pass --with-afs to configure to
specify the location of the AFS include files and libraries.
Redo the build machinery for Kerberos v4 and Kerberos v5 libraries to take
advantage of portability improvements from other projects. kstart will now
hopefully build with AIX's Kerberos libraries and get more of the edge cases
right. Instead of --with-kerberos, use --with-krb5 to specify the path to the
Kerberos v5 libraries and --with-krb4 to specify the path to the Kerberos v4
After backgrounding, reauthenticate if necessary before writing out the PID
file in case we need tickets or tokens to write the file.
Close the keytab after determining the principal with k5start -U.
--enable-static is no longer supported. This is generally unnecessary and
complex to support in combination with other options.
kstart now has a basic test suite, although not all functionality is tested
yet. See README and tests/data/README for information on how to enable the
tests that are there.
To generate a diff of this commit:
cvs -z3 rdiff -u -r188.8.131.52 -r1.2 wip/kstart/distinfo
cvs -z3 rdiff -u -r1.2 -r1.3 wip/kstart/Makefile
To view a diff of this commit:
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
pkgsrc-wip-cvs mailing list
Main Index |
Thread Index |