search

rseabra / pam_ipahbac

Implements FreeIPA's HBAC for other systems without SSSD
Other
5 stars 2 forks source link

working binaries for AIX #2

Closed niyazielvan closed 5 years ago

niyazielvan commented 8 years ago

Hello,

Do you have working binaries for AIX ? Or would you share how to compile the code on AIX ?

Thank you.

rseabra commented 8 years ago

Hi,

Thanks for you interest and I'm sorry for taking so long to reply.

Building binaries for AIX is a true PITA, I'm looking into the possibility to publish them here (or at least the instructions) but there are no warranties.

The main problems are that you need to get:

  1. sudo with pam + LDAP support (no such trustworthy package with both features present)
  2. recent sshd (recent enough to have AuthorizedKeysCommand which is not the case of AIX 7.1)

In order to build this you need a good working compiler for AIX (xlC) which is hard to get.

In order to build these, you need to build a lot of dependencies.

It's a true PITA and we aren't yet sure the module is safe in other programs (it works well with SSH, but what about DB2, for instance?).

I hope to bring you good news soonish.

ghost commented 7 years ago

Hi, I've successfully compiled in AIX 5.3 and AIX 7.1 with gcc and about 16 rpm dependencies, not tested yet ;) Regards, Jose Caneira

niyazielvan commented 7 years ago

Hi,

Can you share your experience with compilation? or maybe the binaries for AIX 7.1 ?

thank you.

ghost commented 7 years ago

Hi,

Here goes a quick cookbook:

To setup the gcc dev environment install: gcc-4.9.4-1.aix7.1.ppc.rpm gcc-c++-4.9.4-1.aix7.1.ppc.rpm gcc-cpp-4.9.4-1.aix7.1.ppc.rpm gettext-0.10.40-8.aix5.2.ppc.rpm gmp-6.1.2-1.aix5.1.ppc.rpm info-5.1-2.aix5.1.ppc.rpm libgcc-4.9.4-1.aix7.1.ppc.rpm libiconv-1.14-3.aix5.1.ppc.rpm libmpc-1.0.3-1.aix5.1.ppc.rpm libstdc++-4.9.4-1.aix7.1.ppc.rpm libstdc++-devel-4.9.4-1.aix7.1.ppc.rpm mpfr-3.1.5-1.aix5.1.ppc.rpm zlib-1.2.4-2.aix5.1.ppc.rpm zlib-devel-1.2.4-2.aix5.1.ppc.rpm

Then to setup de autoconf environment and some ipahbac dependencies install: autoconf-2.69-2.aix5.1.ppc.rpm automake-1.15-2.aix5.1.ppc.rpm bzip2-1.0.6-1.aix5.1.ppc.rpm gdbm-1.13-1.aix5.1.ppc.rpm grep-3.0-1.aix5.1.ppc.rpm libiconv-1.15-1.aix5.1.ppc.rpm libsigsegv-2.11-1.aix5.2.ppc.rpm libtool-2.4.6-1.aix5.1.ppc.rpm m4-1.4.18-1.aix5.1.ppc.rpm openldap-2.4.23-0.5.aix5.1.ppc.rpm openldap-devel-2.4.23-0.5.aix5.1.ppc.rpm openssl-1.0.2k-1.aix5.1.ppc.rpm pcre-8.40-1.aix5.1.ppc.rpm perl-5.8.8-2.aix5.1.ppc.rpm readline-7.0-3.aix5.1.ppc.rpm sed-4.4-1.aix5.1.ppc.rpm

Then just download this project and run: export M4=/usr/linux/bin/m4 ./auto.sh ./configure --prefix=/usr make make install

It should work, I haven't tested yet. All rpm packages downloaded from: ftp://www.oss4aix.org/compatible/aix71/

Hope this helps, if still needed I can share the binaries.

Regards, José Caneira

rseabra commented 7 years ago

Using that repository (which has since been updated) is helpful, but there is more: you need to compile sudo with ldap support and OpenSSH to replace IBM's version.

  1. oss4aix sudo does not have ldap (and pam) support
  2. IBM's OpenSSH does not have support for retrieving ssh public keys

Thanks for your comments as I haven't been able to sucessfully get permission to publish our internal procedure detail for compilation.

rseabra commented 5 years ago

Hi, you may be interested in release 0.0.7 which includes rpm, src.rpm, a tar ball, and the spec used to create the RPM.

It should work on AIX 7.1 as well as it does on our site.