Recompiled gnome-keyring to provide pam_gnome_keyring.

Added mod_auth_kerb: Kerberos support for apache.

Added mod_authnz_external: PAM support for apache.


Cheers

1 members found this post helpful.

Modified ad_adduser. Now it is not bound to ldapadduser.template. Reverted the template to a minimal one, only adding inetOrgPersn.

Modified setup.LDAP to skip pam_ck_connector on the server. We don't need this crap on a server.


Looks like there is not much else to do. So I can call feature freeze for this project.

Cheers

2 members found this post helpful.

Rebuilt exim with sasl support. The new default config supports both PAM and GSSAPI.

Tested the Single Sign On.

So far everything is working fine with apache cups imapd exim ldap firefox and thunderbird.

You have to create http/ imap/ and smtp/ principals and export their keys to keytabs readable by apache exim and imapd.

To enable the SPNEGO for firefox and thunderbird you have to add a "network.negotiate-auth.trusted-uris" string in about:config.

Cups serves a shared PDF printer with Kerberos authentication. No password needed for printing if the user is known.

Apache serves a mod_auth_kerb protected webdav folder with calendar for Lightning.
And Lightning happily uses its webdav calendar w/o prompting for password.

Thunderbird connects to imap and smtp by GSSAPI. No password needed.

Thunderbird address book connects fine to the LDAP by GSSAPI and pulls users info.

Firefox connects to kerberos protected folder w/o asking for password. Trying the same with links pops the authentication dialog.


A fully functional directory.

Cheers

2 members found this post helpful.

Added pam_mount. Works fine and can be very useful. So the extra dependency on libHX worth it.

Upgraded krb5 to the latest 1.13.1.
Still no change in current for keyutils, so nfs-utils is stuck at 1.2.9.


Cheers

That makes the maintenance of this stuff pointless.

The latest blackout at slackware.com was enlightening. The goal of this project was to bring some functionality needed in a multiuser production environment. After this long radio silence I can't see how someone in his right mind will consider Slackware for such environment. So there is no need to add this extra level of complexity. No one will need it.

EOF

Your interpretation is incorrect.

Slackware has a closed development model: there are regular updates to the ChangeLog.txt but you are not informed what happens inbetween updates. That's how it has always been so do not act surprised.
There are various people on this forum who work closely with Patrick, and who have been pretty vocal in telling everybody that Slackware is not dead by far, that development is continuing and that (big) updates are coming up. Those people are all open to suggestions and Pat watches these threads too. What's being discussed on LQ is often taken into account when updates to Slackware occur.

What you fail to grasp is that the update of certain core libraries is not trivial and will require multiple rebuilds of a lot of packages in order to get rid of all references to no longer available library files. It takes time! Hence the delay in updates.
And making strategic decisions (PAM, Kerberos, systemd which are of a different category than most other requests) will take even more time because all options have to be considered carefully. Slackware is a conservative distro in that regard.

Slackware is a one-man show. There are some helper monkeys who prepare the way for Pat but bottomline is that every package is compiled by Patrick before it goes into the distro. It takes time!

If you interpret that as "blackouts" and "radio silence" then you, like some others, have fallen victim to the same update frenzy that affects several other distro communities. Try to get used to this, will you?

I see no justification for your interpretation of that anonymized context-less quoting of Robby Workman in another thread. Robby talks about the PAM flame-fests that resurface from time to time and will only serve to irritate the Slackware team. He politely asks not to keep requesting PAM.

Having a clean set of PAM/Kerberos/LDAP and even systemd packages (or instructions) for Slackware - provided by the community - is irrelevant to that comment made by Robby. In fact I think that this valued valued by several others. Why then would your effort be pointless? This distro allows people to make changes to the core and get away with it.

You yourself asked "Please don't turn this thread into pro/anti PAM discussion" in your original post. Yet you bring PAM into this thread yourself...

7 members found this post helpful.

I have a suggestion to make for this. There's a famous Austrian saying: "Don't throw rocks when you sit in a glass house." That's me, by the way, sitting in the glass house, so I won't throw any rocks. Here's the lesson that I have retained after the big controversy earlier this year.

The work you have done here is quite an achievement. What you could do now is go that extra bit further and try to maintain a binary package repo for Slackware stable, sporting your packages. This way, folks who want to implement this stuff in Slackware can simply point to your repo, define a priority in slackpkg+, and voilà, that's it.

And then, once this has gained some popularity and more and more folks start using it, there's a chance this stuff will eventually (...) find its way into the official release.

As far as I understand, this is how Slackware works.

Cheers,

Niki

3 members found this post helpful.

I support this proposition.

I would be willing to help test and report bugs or even maintain some of this project.

I have a small network of ten or so hardware and virtual machines running slackware stable (32/64) and current. And you know how hard it is to manage this kind of network without a centralized directory.


adminster

2 members found this post helpful.

That is definitely the way to start.

On the side note, lets make sure we unify the implementation on things like pam.
so 1 place that we all can grab pam files and build upon that part.

@ivandi
If you like, we can make a github page under Dlackware for pam

As it turned out any script that happens to contain

VERSION
TMP
OUTPUT
tar
gzip
configure
make
DESTDIR
install
.
.
.
or any other commonly used unix command or variable name

could be a subject of copyright infringement claims by slackbuilds.org or slackware.com.

So I had to suspend the link at the beginning.

Well done guys. I can think of one famous person who will be really proud of you.

No citation needed, I think this is about the dumbest claim about copyright infringement I have seen in many years. He removed himself from the discussion a few posts ago anyway. Just another person full of spite who removes his Slackware scripts because he does not like what he hears. Pity.

The dumbest copyright claim can be found in the header of thousands of scripts at SBO or Slackware.

A few posts ago I said that I see no point to maintain this stuff along with Slackware (keeping up with the ChangeLog and so on). That didn't mean that I would stop playing with it. I redirected the url above to point to the PAM folder of my home setup that I shared in another thread.

I removed the scripts because I refuse to play your silly copyright games.

And yes, its a pity to call someone "full of spite" just because you aren't agree with him.


Cheers

I fail to see how a template needs a license especially when those templates have always been public domain.

The only time we've ever griped about a license is when someone redistributes work without noted changes to the existing BSD/MIT style licensed completed work script.

Take your criticism and grow from it. I took a badgering from some of my packages, but I didn't go yanking my repo.

However, you should use a license ivandi. There are good reasons to do so especially to protect your work and claim the work comes without warranty.

OK I'll bite.

Please point me to the spots in a licence block in a SlackBuild script (example below taken from liboil.SlackBuild in Slackware itself) where there's a "copyright game" being played by which you are affected in such a way that you needed to remove access to your SlackBuild scripts?

As you can see, the text asks you to keep the original copyright lines intact so that future readers know who started with this script. If your rework does not cause a fundamental change to the SlackBuild script's logic, it is OK to add a line "Modified by" like the above example shows.

Don't think that this is a game. It is about giving credit where credit is due. You will notice from the above example that the script was originally not written by the Slackware team, and after all this time you will still find that the original submitter is credited. How is that wrong?

Writing a SlackBuild script is NOT trivial by default, if that is what you are thinking. Yes, many of the scripts move along the same lines, but using a SlackBuild template does not mean that a package will follow with minimal effort. You still have to check your new package for anomalities and omissions; check if the SlackBuild script installs files outside of the package straight into the filesystem etc. If you do all this quality checking then you deserve the credit.

1 members found this post helpful.