kerberos and cvs
Charles Wilson
cwilson@ece.gatech.edu
Tue Apr 1 04:36:00 GMT 2003
No really, this IS on topic.
Many moons ago, I grew so frustrated with the official cvs maintainers
at cvshome.com -- no updates in forever, disdainful of outside
contributions etc -- that I decided that the next release of cvs that I
made would come from the cvsnt codebase, since that was seeing active
development.
Plus, it had support for many server protocols, and getting cvshome's
cvs to act as a server on cygwin had limited success. Granted, cvshome
is now seeing (some) activity (2 patch releases in eight months! Woo
hoo!) but that doesn't change the problem with the servers; cvsnt is
already designed for service on windows...even tho it ALSO compiles on
unix. So, I'm looking at cvsnt, and...
Well, I ran into a spot of trouble. For some unknown reason, the cvsnt
maintainers removed the option of disabling kerberos encryption support
at buildtime. That is, they made it mandantory. (Sure, you can choose
whether or not to use kerberos at runtime -- but cvsnt can't be compiled
without it. They ripped out all of the configure code and the #ifdef
blocks in the code.)
Now, presumably they had a reason for that action, however inscrutable.
After going thru all that work to rip it out, they are understandably
reluctant to put it (the option to disable k-support) back in. So, that
means I need kerberos libraries.
Well, I have managed to compile and build MIT kerberos v5, and have
packaged it up here (no, this is NOT an ITP):
http://www.neuro.gatech.edu/users/cwilson/cygutils/testing/release/krb5/krb5-1.2.6-1.tar.bz2
http://www.neuro.gatech.edu/users/cwilson/cygutils/testing/release/krb5/krb5-1.2.6-1-src.tar.bz2
http://www.neuro.gatech.edu/users/cwilson/cygutils/testing/release/krb5/krb5-doc/krb5-doc-1.2.6-1.tar.bz2
http://www.neuro.gatech.edu/users/cwilson/cygutils/testing/release/krb5/libkrb5-devel/libkrb5-devel-1.2.6-1.tar.bz2
http://www.neuro.gatech.edu/users/cwilson/cygutils/testing/release/krb5/libkrb5_0/libkrb5_0-1.2.6-1.tar.bz2
Or, simply point setup.exe at
http://www.neuro.gatech.edu/users/cwilson/cygutils/testing/
However, here's the problem:
1) I know nothing about kerberos. I don't even know enough to test it.
2) I do NOT want to maintain this beastly piece of software.
However, I understand it is quite popular and would probably be a
welcome addition to the cygwin system.
3) This port does NOT contain the niceties like "ssh-host-config"
scripts and whatnot. A fully-fledged cygwin port should probably
install things like that, and maybe even hook into the sysvinit system
that Sergey contributed.
So, I put these packages up in the hope that someone will adopt them,
and bring them into the cygwin fold. If so, then I'll continue on my
current track with cvsnt (which hopefully will eventually lead to
functioning cvs servers...)
If not, then I'll either attempt to add the "--disable-encryption
--without-krb" stuff back into cvsnt's configury, or (sigh) stay with
the cvshome baselines.
A note if anyone is interested in adopting these packages: I used some
"interesting" tricks in the build script to convince it to build DLLs.
short version: the MIT kerberos build system is crap. Longer version:
make ; convert .a's to .dll's ; rm .exe's ; re-make
only more complicated. I also renamed a bunch of the applications &
their manpages to avoid conflicting with the ones in inetutils. Check
out the build script, and the README. I tried to be thorough
documenting what I did.
I'm in no rush here, but it would be nice if any interested parties
chimed in...anybody have a need for kerberos?
--Chuck
More information about the Cygwin-apps
mailing list