FYI: Kerberos on RHEL5

Russ Allbery rra at stanford.edu
Mon Apr 9 13:47:33 EDT 2007


Edgecombe, Jason <jwedgeco at uncc.edu> writes:

> I might try that.

> Are there any rpms for your pam_krb5? 

Not yet, unfortunately, at least public ones.  There are Stanford-internal
ones, though.  Here is the spec file that we use internally, if it's of
any help.  You'll need to change some of the package names.

It's a very simple package.

%define vers 3.4
# Define global variables here
%define rel %(cat /etc/redhat-release | cut -d' ' -f7)
# Define source files here although the tag comes later
%define source0 pam-krb5-%{vers}.tar.gz
# 64bit work-around
%define mylibdir lib

Name: pam_krb5-SU
Summary: pam-krb5 provides a Kerberos v5 PAM module that supports authentication, user ticket cache handling, simple authorization, and password changing.
Version: %{vers}
Release: 1.EL%{rel}
Copyright: MIT
Group: System Environment/Base
Source0: http://archives.eyrie.org/software/kerberos/%{source0}
BuildRoot: /var/tmp/%{name}-buildroot
Vendor: Stanford University
Conflicts: pam_krb5

BuildRequires: pam-devel

# no i386 builds unless we have to
%ifarch i386
BuildArch: i686
%endif
# 64bit work-around
%ifarch x86_64
 %define mylibdir lib64
%endif

URL: http://www.stanford.edu/

%description
pam-krb5 provides a Kerberos v5 PAM module that supports authentication, user ticket cache handling, simple authorization (via .k5login or checking Kerberos principals against local usernames), and password changing.
For RedHat systems, add these lines to the top of the /etc/pam.d/system-auth file sections for auth, account and session respectively:
auth        sufficient     /%{mylibdir}/security/pam_krb5.so ignore_root minimum_uid=1000
account     required       /%{mylibdir}/security/pam_krb5.so ignore_root minimum_uid=1000
session     optional       /%{mylibdir}/security/pam_krb5.so ignore_root minimum_uid=1000

%prep
%setup -n pam-krb5-%{version} 

%build
./configure
env CFLAGS="-O2" make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"

%install
if [[ $RPM_BUILD_ROOT != "/" ]]
then
  rm -rf $RPM_BUILD_ROOT
fi

mkdir -p $RPM_BUILD_ROOT/%{mylibdir}/security/
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man5

#make install DESTDIR=$RPM_BUILD_ROOT
install -m 0755 pam_krb5.so $RPM_BUILD_ROOT/%{mylibdir}/security/pam_krb5.so
install -m 0644 pam_krb5.5 $RPM_BUILD_ROOT/usr/share/man/man5/pam_krb5.5


%clean
if [[ $RPM_BUILD_ROOT != "/" ]]
then
  rm -rf $RPM_BUILD_ROOT
fi

%files
%defattr(-,root,root)
/%{mylibdir}/security/*
/usr/share/man/man5/*

%post

%preun

%postun

%changelog
* Thu Feb 1 2007 Darren Patterson  3.4-1
- updated to 3.4

* Thu Jan 18 2007 Darren Patterson  3.2-1
- updated to 3.2

* Fri Jan 5 2007 Darren Patterson  3.1-1
- updated to 3.1

* Tue Dec 6 2006 Darren Patterson  2.6-1
- updated to 2.6

* Fri Nov 11 2006 Darren Patterson  2.5-1
- updated to 2.5

* Wed Nov 1 2006 Darren Patterson  2.4-2
- fix bug with inserting arch in documentation

* Mon Oct 9 2006 Darren Patterson  2.4-1
- update to 2.4

* Wed Oct 4 2006 Darren Patterson  2.3-1
- new source release, 64bit cleanup for work-around

* Mon Aug 14 2006 Darren Patterson  2.0-1
- initial build

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list