Integrate SecurID into the build if libaceclnt is found.
Add a README file with an example of how to build it.
ticket: 6807
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24467
dc483132-0cff-0310-8789-
dd5450dbe970
# plugins/authdata/greet
SUBDIRS=util include lib \
@ldap_plugin_dir@ \
+ @sam2_plugin@ \
plugins/kadm5_hook/test \
plugins/kdb/db2 \
plugins/preauth/pkinit \
fi
AC_SUBST(ldap_plugin_dir)
AC_SUBST(LDAP)
+# This check is for plugins/preauth/securid_sam2
+sam2_plugin=""
+old_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+AC_CHECK_LIB(aceclnt, sd_init,[
+ AC_MSG_NOTICE([Enabling RSA securID support])
+ sam2_plugin=plugins/preauth/securid_sam2
+ ])
+AC_SUBST(sam2_plugin)
+CFLAGS=$old_CFLAGS
# This checks is for plugins/locate/python, which isn't built by
# default, so it's not a big deal that it isn't very good. We should
# Depends on libk5crypto and libkrb5
SHLIB_EXPDEPS = \
$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
+ $(TOPLIBD)/libkrb5$(SHLIBEXT) $(KADMSRV_DEPLIBS)
+SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(KADMSRV_LIBS) $(LIBS) -laceclnt
SHLIB_DIRS=-L$(TOPLIBD)
SHLIB_RDIRS=$(KRB5_LIBDIR)
--- /dev/null
+SecurID Preauth Support
+
+In order to build this library you will need the RSA 's ACE Agent
+SDK. Set the LDFLAGS and CPPFLAGS environment variables to include the
+appropriate paths for your SDK before running configure. If libaceclnt
+is found then the plugin will be enabled.
+For example:
+
+../src/configure CC='gcc -m32' CFLAGS=-g --prefix=/usr/local/krb5 \
+ --disable-rpath LDFLAGS=-L/home/developer/ace/ACEAgentSDK/lib/lnx \
+ CPPFLAGS=-I/home/developer/ace/ACEAgentSDK/inc
+
+
+Once the plugin is installed, set the requires_preauth and potentially
+requires_hwauth flags for a principal. Then create principal/SECURID
+as a new principal with a random key. That principal will now require
+SecurID authentication.