SecurID build support
authorSam Hartman <hartmans@mit.edu>
Tue, 19 Oct 2010 19:50:48 +0000 (19:50 +0000)
committerSam Hartman <hartmans@mit.edu>
Tue, 19 Oct 2010 19:50:48 +0000 (19:50 +0000)
Integrate SecurID into the build if libaceclnt is found.
Add a README file with an example of how to build it.

ticket: 6807
target_version: 1.9
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24467 dc483132-0cff-0310-8789-dd5450dbe970

src/Makefile.in
src/configure.in
src/plugins/preauth/securid_sam2/Makefile.in
src/plugins/preauth/securid_sam2/README [new file with mode: 0644]

index 64a5aad1073838da880ba611de97039edde521f3..16d04e65c2150e156720bfabf324817822453623 100644 (file)
@@ -9,6 +9,7 @@ mydir=.
 #      plugins/authdata/greet
 SUBDIRS=util include lib \
        @ldap_plugin_dir@ \
+       @sam2_plugin@ \
        plugins/kadm5_hook/test \
        plugins/kdb/db2 \
        plugins/preauth/pkinit \
index ab2c689b88a0a9f43393d84c3d3fc7eca63306c6..8d6bb8277e01ad16fc3d9ac19ad7a10bd43c7cef 100644 (file)
@@ -1085,6 +1085,16 @@ else
 fi
 AC_SUBST(ldap_plugin_dir)
 AC_SUBST(LDAP)
+# This check is for plugins/preauth/securid_sam2
+sam2_plugin=""
+old_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+AC_CHECK_LIB(aceclnt, sd_init,[
+                     AC_MSG_NOTICE([Enabling RSA securID support])
+                     sam2_plugin=plugins/preauth/securid_sam2
+                     ])
+AC_SUBST(sam2_plugin)
+CFLAGS=$old_CFLAGS
 
 # This checks is for plugins/locate/python, which isn't built by
 # default, so it's not a big deal that it isn't very good.  We should
index dd444145644c7b3ae6fe57bff8b2a6ff900be6bd..a32db4e26fdaa8ae1c3cc95e011589a5900f1e0a 100644 (file)
@@ -17,8 +17,8 @@ RELDIR=../plugins/preauth/securid_sam2
 # Depends on libk5crypto and libkrb5
 SHLIB_EXPDEPS = \
        $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
-       $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
+       $(TOPLIBD)/libkrb5$(SHLIBEXT) $(KADMSRV_DEPLIBS)
+SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(KADMSRV_LIBS) $(LIBS) -laceclnt
 
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
diff --git a/src/plugins/preauth/securid_sam2/README b/src/plugins/preauth/securid_sam2/README
new file mode 100644 (file)
index 0000000..8fc1028
--- /dev/null
@@ -0,0 +1,17 @@
+SecurID Preauth Support
+
+In order to build this library you will need the RSA 's ACE Agent
+SDK. Set the LDFLAGS and CPPFLAGS environment variables to include the
+appropriate paths for your SDK before running configure. If libaceclnt
+is found then the plugin will be enabled.
+For example:
+
+../src/configure CC='gcc -m32' CFLAGS=-g --prefix=/usr/local/krb5 \
+     --disable-rpath LDFLAGS=-L/home/developer/ace/ACEAgentSDK/lib/lnx \
+    CPPFLAGS=-I/home/developer/ace/ACEAgentSDK/inc
+
+
+Once the plugin is installed, set the requires_preauth and potentially
+requires_hwauth flags for a principal.  Then create principal/SECURID
+as a new principal with a random key. That principal will now require
+SecurID authentication.