[LON-CAPA-admin] kerberos conf
Stuart Peter Raeburn
raeburn at msu.edu
Mon Feb 11 14:28:55 EST 2008
Hi,
Starting with version 1.7, a perl module for Authen::Krb5 has begun to be
included in standard repositories for Fedora 7 and 8 (previously rpms have
come from the LON-CAPA repositories). The get_in_tkt_with_password()
function seg faults in Authen::Krb5 rev 1.7 (the corresponding interface is
deprecated in the Kerberos C libraries, but the Perl module docs indicate
that it should continue to work).
A new version of lond (rev 1.394) uses the function
get_init_creds_password(), where it exists, to validate a user's login
credentials. This function does not seg fault in 1.7.
The new version of lond continues to support perl-Authen-Krb5 version 1.6
and earlier by continuing to use the get_in_tkt_with_password() function if
the newer get_init_creds_password() function is unavailable.
Domains using Kerberos 5 authentication with Fedora 7 or 8, and running
LON-CAPA version 2.6, have two options:
(a) Do not update perl-Authen-Krb5
Adding the following line to /etc/yum.conf will stop CHECKRPMS from
sending e-mail to the system administrator suggesting the RPM should be
updated:
exclude=perl-Authen-Krb5
If perl-Authen-Krb5 has already been updated:
rpm -e --nodeps perl-Authen-Krb5
Then for 64 bit machines using Fedora 7
wget http://install.loncapa.org/fedora/linux/loncapa/7/x86_64/perl-Authen-Krb5-1.6-1.0.fc7.lc.x86_64.rpm
rpm -ivh perl-Authen-Krb5-1.6-1.0.fc7.lc.x86_64.rpm
And for 32 bit machines using Fedora 7
wget http://install.loncapa.org/fedora/linux/loncapa/7/i386/perl-Authen-Krb5-1.6-1.0.fc7.lc.i386.rpm
rpm -ivh perl-Authen-Krb5-1.6-1.0.fc7.lc.i386.rpm
OR
(b) Replace the lond (rev. 1.393) shipped with 2.6.X with lond rev 1.394.
wget 'http://loncapa.msu.edu/cgi-bin/cvsweb.cgi/~checkout~/loncom/lond?rev=1.394' -O /home/httpd/perl/lond
/etc/init.d/loncontrol restart
/etc/init.d/httpd restart
Stuart Raeburn
MSU LON-CAPA group
Gerd Kortemeyer writes:
> Hi,
>
> I would suggest to downgrade the package.
>
> LON-CAPA uses the standard calls for the package, so there is nothing we
> can change on the LON-CAPA end of things ... looks like the new version
> of the package has a bug.
>
> - Gerd.
>
> On Feb 7, 2008, at 11:47 AM, cansu başak wrote:
>
>>
>> I found out it is related with perl-Authen-Krb5 - 1.7-3.fc7.i386 update.
>> But what is required to do for lon capa works with new package properly.
>> (update to 2.6.2 version after kerberos update; but still there is problem)
>>
>> Cansu Başak
>>
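
The fallback described in the message above (use get_init_creds_password() where it exists, otherwise get_in_tkt_with_password()), as an added example that is not part of the original e-mail and is not lond's own code. The helper name krb5_password_ok and the command-line arguments (user, REALM) are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not lond's code. Prompts for a password and asks the KDC
# for initial credentials; exit status 0 means the password was accepted.
use strict;
use warnings;
use Authen::Krb5;

# Must run once per process before any other Authen::Krb5 call.
Authen::Krb5::init_context();

# krb5_password_ok() is a name chosen for this example.
sub krb5_password_ok {
    my ($user, $realm, $password) = @_;
    # Never send an empty password to the KDC.
    return 0 unless defined($password) && length($password);

    my $client = Authen::Krb5::parse_name($user . '@' . $realm) or return 0;
    my $service = 'krbtgt/' . $realm . '@' . $realm;

    if (defined(&Authen::Krb5::get_init_creds_password)) {
        # Newer interface: an Authen::Krb5::Creds object means success.
        my $creds =
            Authen::Krb5::get_init_creds_password($client, $password, $service);
        return (ref($creds) eq 'Authen::Krb5::Creds') ? 1 : 0;
    }

    # Older module without the newer call: use the deprecated interface.
    # It writes the ticket into the caller's default credentials cache.
    my $server = Authen::Krb5::parse_name($service) or return 0;
    my $cache  = Authen::Krb5::cc_default()         or return 0;
    $cache->initialize($client);
    return Authen::Krb5::get_in_tkt_with_password(
        $client, $server, $password, $cache) ? 1 : 0;
}

my ($user, $realm) = @ARGV;
die "usage: $0 user REALM\n" unless defined($realm);

# Read the password without echo instead of taking it from argv.
print STDERR 'Password: ';
system('stty', '-echo');
my $password = <STDIN>;
system('stty', 'echo');
print STDERR "\n";
$password = '' unless defined($password);
chomp($password);

exit(krb5_password_ok($user, $realm, $password) ? 0 : 1);
```

Obtaining initial credentials shows that a KDC accepted the password; it does not by itself authenticate the KDC to the host running the check.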