[sudo-users] LDAPS + sudo + AIX 7.1

ace man kevev at hotmail.com
Mon Aug 19 11:40:48 MDT 2013


OK. So my ssl issue still exists. When I change the uri from ldap to ldaps I get a timeout.

The LDAP server access log shows:

SSL peer cannot verify your certificate.

I am using the same cacert that works on all of my Linux hosts and this AIX host for user authentication, so I know it is correct.

I can create an openssl connection from this client to the ldaps port 636 and it shows the correct self-signed cert.

I have tls_checkpeer no in /etc/ldap.conf.

> From: kevev at hotmail.com
> To: todd.miller at courtesan.com
> Date: Mon, 19 Aug 2013 12:03:53 -0500
> CC: sudo-users at sudo.ws
> Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> 
> It works!! I will post my steps in a bit for anyone else trying to compile on AIX 7.1.
> 
> Thank You Todd!  :o)
> 
> > From: kevev at hotmail.com
> > To: todd.miller at courtesan.com
> > Date: Mon, 19 Aug 2013 11:38:59 -0500
> > CC: sudo-users at sudo.ws
> > Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> > 
> > I tried:
> > 
> > mkpkg --platform=rpm --flavor=ldap --with-aixauth --with-ldap=/opt/IBM/ldap/V6.3 --with-ldap-conf-file=/etc/ldap.conf
> > 
> > &
> > 
> > mkpkg --platform=rpm --flavor=ldap --prefix=/opt/freeware --with-insults=disabled --mandir=/opt/freeware/man --with-aixauth --with-logging=syslog --with-logfac=auth --with-editor=/usr/bin/vi --with-env-editor --enable-zlib=builtin --disable-nls --with-sendmail=/usr/sbin/sendmail --with-ldap=/opt/IBM/ldap/V6.3 --with-incpath=/opt/IBM/ldap/V6.3/include --with-libpath=/opt/IBM/ldap/V6.3/lib --with-ldap-conf-file=/etc/ldap.conf
> > 
> > 
> > root@ sudo-1.8.7 #: rpm -Uvvh sudo-1.8.7-1.ppc.rpm
> > D: counting packages to install
> > D: found 1 packages
> > D: looking for packages to download
> > D: retrieved 0 packages
> > D: New Header signature
> > D: Signature size: 68
> > D: Signature pad : 4
> > D: sigsize         : 72
> > D: Header + Archive: 1709253
> > D: expected size   : 1709253
> > D: opening database mode 0x102 in /opt/freeware/packages
> > D: found 0 source and 1 binary packages
> > D:  requires: /usr/bin/env  satisfied by db provides.
> > D:  requires: libc.a(shr.o)  satisfied by db provides.
> > D:  requires: libldap.a  unsatisfied.
> > D: package sudo require not satisfied: libldap.a
> > D:  requires: libs.a(shr.o)  satisfied by db provides.
> > error: failed dependencies:
> >         libldap.a is needed by sudo-1.8.7-1
> > root@ sudo-1.8.7 #: find / -name libc.a
> > find: 0652-023 Cannot open file /proc/8192202.
> > find: 0652-023 Cannot open file /proc/18677950.
> > find: 0652-023 Cannot open file /proc/21430282.
> > find: 0652-023 Cannot open file /proc/23724128.
> > find: 0652-023 Cannot open file /proc/32243942.
> > find: 0652-023 Cannot open file /proc/35258454.
> > /usr/ccs/lib/.recover/libc.a
> > /usr/ccs/lib/libc.a
> > /usr/lib/libc.a
> > /usr/lib/threads/libc.a
> > root@ sudo-1.8.7 #:
> > root@ sudo-1.8.7 #:
> > root@ sudo-1.8.7 #:
> > root@ sudo-1.8.7 #: find / -name libldap.a
> > /opt/IBM/ldap/V6.2/lib/libldap.a
> > /opt/IBM/ldap/V6.2/lib64/libldap.a
> > /opt/IBM/ldap/V6.3/lib/libldap.a
> > /opt/IBM/ldap/V6.3/lib64/libldap.a
> > /opt/freeware/lib/libldap.a
> > find: 0652-023 Cannot open file /proc/8192202.
> > find: 0652-023 Cannot open file /proc/18677950.
> > find: 0652-023 Cannot open file /proc/21430282.
> > find: 0652-023 Cannot open file /proc/23724128.
> > find: 0652-023 Cannot open file /proc/32243942.
> > find: 0652-023 Cannot open file /proc/35258454.
> > /usr/lib/lib64/libldap.a
> > /usr/lib/libldap.a
> > /usr/lib/symark/pb/libldap.a
> > /usr/linux/lib/libldap.a
> > 
> > > From: Todd.Miller at courtesan.com
> > > To: kevev at hotmail.com
> > > CC: sudo-users at sudo.ws
> > > Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> > > Date: Mon, 19 Aug 2013 09:43:05 -0600
> > > 
> > > On Mon, 19 Aug 2013 08:33:36 -0500, ace man wrote:
> > > 
> > > > I built 1.8.7 and it still uses PAM. The configure says it sets aixauth, but
> > > > the compilation ignores this and uses PAM.
> > > > 
> > > > Here are the outputs from configure & mkpkg:
> > > > 
> > > > http://pastebin.com/qKMxrp7W
> > > 
> > > The configure output looks correct.
> > > 
> > > > http://pastebin.com/mFJzW4ns
> > > 
> > > The mkpkg output is still using PAM.  Note that mkpkg runs configure
> > > itself so your earlier configure run was ignored.  You probably
> > > want to do:
> > > 
> > > ./mkpkg --flavor=ldap --with-aixauth --with-ldap=/opt/IBM/ldap/V6.3 \
> > >     --with-ldap-conf-file=/etc/ldap.conf
> > > 
> > > Or, if you want to make an rpm package instead of an installp one:
> > > 
> > > ./mkpkg --platform=rpm --flavor=ldap --with-aixauth \
> > >     --with-ldap=/opt/IBM/ldap/V6.3 --with-ldap-conf-file=/etc/ldap.conf
> > > 
> > > You should not need to specify --with-incpath or --with-libpath;
> > > configure should use the include and lib dirs under /opt/IBM/ldap/V6.3.
> > > The other configure args you had are used by default by mkpkg on AIX.
> > > 
> > >  - todd
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
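The top message mentions running with `tls_checkpeer no` in /etc/ldap.conf. Since sudo's LDAP backend fetches the sudoers rules themselves from that server, a defender reviewing such a host wants a quick way to spot the settings that leave the server unauthenticated. The following audit script is an added example, not code from the thread or from the sudo project; the ldap.conf contents are constructed, and the keyword names are the ones documented in sudoers.ldap(5).

```python
"""Audit the TLS settings of an ldap.conf as read by sudo's LDAP backend (added example)."""

# Constructed sample modelled on the thread: ldaps:// URI, but peer verification switched off.
WEAK_LDAP_CONF = """\
# hypothetical /etc/ldap.conf (constructed sample, not the poster's file)
uri ldaps://ldap.example.com:636
sudoers_base ou=SUDOers,dc=example,dc=com
ssl on
tls_checkpeer no
tls_cacertfile /etc/openldap/cacerts/ca.pem
"""
# Same file with verification on: the CA file above then actually gets used.
HARDENED_LDAP_CONF = WEAK_LDAP_CONF.replace("tls_checkpeer no", "tls_checkpeer yes")

# Keywords that supply a trust anchor (names from sudoers.ldap(5); tls_key is the
# key-database form used with the IBM/Netscape LDAP SDKs rather than OpenLDAP).
TRUST_ANCHOR_KEYS = ("tls_cacertfile", "tls_cacert", "tls_cacertdir", "tls_key")
DISABLED = ("no", "off", "false")


def parse_ldap_conf(text):
    """Map each keyword (lower-cased) to its value; comments and blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit_tls(conf):
    """Return findings for settings that leave the sudoers source unauthenticated or in the clear."""
    findings = []
    uris = conf.get("uri", "").split()
    schemes = {u.split("://", 1)[0].lower() for u in uris if "://" in u}
    ssl_mode = conf.get("ssl", "off").lower()
    checkpeer = conf.get("tls_checkpeer", "").lower()
    tls_in_use = "ldaps" in schemes or ssl_mode in ("on", "yes", "true", "start_tls")
    if "ldap" in schemes and ssl_mode != "start_tls":
        findings.append("plain ldap:// URI without 'ssl start_tls': sudoers lookups travel unencrypted")
    if tls_in_use and checkpeer in DISABLED:
        findings.append("tls_checkpeer is off: the server certificate is never verified, so "
                        "whoever answers on port 636 decides who may run sudo")
    if tls_in_use and checkpeer not in DISABLED and not any(k in conf for k in TRUST_ANCHOR_KEYS):
        findings.append("no trust anchor (tls_cacertfile/tls_cacertdir/tls_key): verification "
                        "has nothing to check the server certificate against")
    return findings
```

Run `audit_tls(parse_ldap_conf(open("/etc/ldap.conf").read()))` on a host to get the list of findings; an empty list means the checks passed.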