[gnome-build-meta/mcatanzaro/krb5] Try to make Kerberos work
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-build-meta/mcatanzaro/krb5] Try to make Kerberos work
- Date: Wed, 18 Sep 2019 19:43:16 +0000 (UTC)
commit a550ba6bf050f481ac7c55bb49978abec9f84b67
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Wed Sep 18 13:49:07 2019 -0500
Try to make Kerberos work
I don't understand Kerberos, but Rishi kinda does, and he says we need
to make it use the KCM credential cache to have a chance inside flatpak.
It can be configured at build time, but that's not enough on its own. It
seems we need to install a krb5.conf.
elements/sdk/krb5.bst | 6 ++++++
files/krb5/krb5.conf | 14 ++++++++++++++
2 files changed, 20 insertions(+)
---
diff --git a/elements/sdk/krb5.bst b/elements/sdk/krb5.bst
index 76ea230c..da801c68 100644
--- a/elements/sdk/krb5.bst
+++ b/elements/sdk/krb5.bst
@@ -45,6 +45,12 @@ variables:
conf-local: |
--disable-rpath --with-system-et --with-system-ss
+config:
+ install-commands:
+ (>):
+ - mkdir -p %{install-root}%{sysconfdir}
+ - install -m 644 krb5-config/krb5.conf %{install-root}%{sysconfdir}/krb5.conf
+
sources:
- kind: tar
url: https://kerberos.org/dist/krb5/1.16/krb5-1.16.2.tar.gz
diff --git a/files/krb5/krb5.conf b/files/krb5/krb5.conf
new file mode 100644
index 00000000..be2406f7
--- /dev/null
+++ b/files/krb5/krb5.conf
@@ -0,0 +1,14 @@
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ pkinit_anchors = FILE:/etc/ssl/certs/ca-certificates.crt
+ spake_preauth_groups = edwards25519
+ default_ccache_name = KCM:
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
