Community
Participate
Working Groups
The current version of the linux rseserver does not support kerberos. It uses getpwnam to get the current crypted version of the user's password, but this does not work in the kerberos case. I would like to propose a patch that uses Authen::pam to do the authorization. This requires the perl-Authen-pam module to be installed.
Created attachment 207556 [details] Proposed patch to auth.pl to support Kerberos Proposed patch
Martin, it would be nice to get this patch in but I don't think we should be outright replacing the existing auth.pl since the new one brings in dependencies that may not be around by default. Perhaps the new auth.pl could be included as auth.kerberos.pl and then we could have a readme instructing users to replace auth.pl in appropriate circumstances. Any thoughts on this?
I like the idea of an auth.kerberos.pl -- supposedly in a Kerberos host environment the admin who installs rseserver needs to read the docs anyways so why not require special setup. It would be nice to have if in an "update" scenario an updated rseserver could be deployed without having to think about the config again, any ideas how to do this? Jeff, does the proposal sound acceptable to you too ?
(In reply to comment #3) > I like the idea of an auth.kerberos.pl -- supposedly in a Kerberos host > environment the admin who installs rseserver needs to read the docs anyways so > why not require special setup. > > It would be nice to have if in an "update" scenario an updated rseserver could > be deployed without having to think about the config again, any ideas how to do > this? > > Jeff, does the proposal sound acceptable to you too ? That would be fine. Can someone point me to the rseserver source code? I am going to add rseserver to the eclipse-rse Fedora package. For Fedora, I can require Authen pam be installed so it is no problem making it the default auth.pl.
(In reply to comment #4) > (In reply to comment #3) > > I like the idea of an auth.kerberos.pl -- supposedly in a Kerberos host > > environment the admin who installs rseserver needs to read the docs anyways so > > why not require special setup. > > > > It would be nice to have if in an "update" scenario an updated rseserver could > > be deployed without having to think about the config again, any ideas how to do > > this? > > > > Jeff, does the proposal sound acceptable to you too ? > > That would be fine. Can someone point me to the rseserver source code? I am > going to add rseserver to the eclipse-rse Fedora package. For Fedora, I can > require Authen pam be installed so it is no problem making it the default > auth.pl. The scripts for the server are located in following plugin: org.eclipse.rse.services.dstore You'll find them in the serverruntime directory.
(In reply to comment #5) > (In reply to comment #4) > > (In reply to comment #3) > > > I like the idea of an auth.kerberos.pl -- supposedly in a Kerberos host > > > environment the admin who installs rseserver needs to read the docs anyways so > > > why not require special setup. > > > > > > It would be nice to have if in an "update" scenario an updated rseserver could > > > be deployed without having to think about the config again, any ideas how to do > > > this? > > > > > > Jeff, does the proposal sound acceptable to you too ? > > > > That would be fine. Can someone point me to the rseserver source code? I am > > going to add rseserver to the eclipse-rse Fedora package. For Fedora, I can > > require Authen pam be installed so it is no problem making it the default > > auth.pl. > > > The scripts for the server are located in following plugin: > org.eclipse.rse.services.dstore > > You'll find them in the serverruntime directory. Hi David: I'd also like to make the changes that Jeff has suggested. Whenever modifications are made to the auth.pl perl script (i.e. just a print statement) that is already installed on the server it stops working. Does something need to be changed in the source code? thanks tom
(In reply to comment #6) > (In reply to comment #5) > > (In reply to comment #4) > > > (In reply to comment #3) > > > > I like the idea of an auth.kerberos.pl -- supposedly in a Kerberos host > > > > environment the admin who installs rseserver needs to read the docs anyways so > > > > why not require special setup. > > > > > > > > It would be nice to have if in an "update" scenario an updated rseserver could > > > > be deployed without having to think about the config again, any ideas how to do > > > > this? > > > > > > > > Jeff, does the proposal sound acceptable to you too ? > > > > > > That would be fine. Can someone point me to the rseserver source code? I am > > > going to add rseserver to the eclipse-rse Fedora package. For Fedora, I can > > > require Authen pam be installed so it is no problem making it the default > > > auth.pl. > > > > > > The scripts for the server are located in following plugin: > > org.eclipse.rse.services.dstore > > > > You'll find them in the serverruntime directory. > Hi David: > I'd also like to make the changes that Jeff has suggested. Whenever > modifications are made to the auth.pl perl script (i.e. just a print statement) > that is already installed on the server it stops working. Does something need > to be changed in the source code? > thanks > tom Hi David: Never mind the question. I ended up just applying the patch an installing the Perl Module: Authen::PAM and it works fine. thanks tom
