+invirt-console (0.2.12) unstable; urgency=low
+
+ * Removed dependency on debathena pkgs
+
+ -- Greg Brockman <gdb@mit.edu> Thu, 24 Dec 2009 01:54:32 -0500
+
invirt-console (0.2.11) unstable; urgency=low
* Disable the sftp subsystem on the console server; it interacts poorly
Section: servers
Priority: extra
Maintainer: Invirt project <invirt@mit.edu>
-Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, initscripts, krb5-config, krb5-user, krb5-clients
Standards-Version: 3.7.2
Package: invirt-console-server
Conflicts: ${diverted-files}
Depends: invirt-base, ${shlibs:Depends}, ${misc:Depends},
conserver-client, conserver-server, daemon,
- debathena-kerberos-config, fuse-utils, libnss-pgsql1, nscd,
+ fuse-utils, libnss-pgsql1, nscd, krb5-config, krb5-user, krb5-clients,
openssh-server, python, python-routefs, invirt-database,
- remctl-server, debathena-ssh-server-config
+ remctl-server
Description: Invirt serial-console proxy server
This is the software for the serial-console proxy server.
/etc/nsswitch.conf.invirt \
/etc/nscd.conf.invirt \
/etc/pam.d/sshd.invirt \
- /etc/ssh/sshd_config.debathena.invirt
+ /etc/ssh/sshd_config.invirt
ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),)
DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.invirt = \
DEB_DIVERT_FILES_invirt-console-server += \
/etc/conserver/conserver.cf.invirt \
- /etc/motd.invirt
+ /etc/krb5.conf \
+ /etc/motd.invirt \
+ /etc/ssh/sshd_config
DEB_DIVERT_FILES_invirt-console-host += \
/etc/conserver/conserver.cf.invirt \
/etc/conserver/server.conf.invirt
--- /dev/null
+#!/usr/bin/perl -p0
+# Debathena rules (from debathena-kerberos-config)
+s/^([ \t]*default_realm *=).*$/\1 ATHENA.MIT.EDU/m or die;
+s/(\[realms\][^[]*\n)[ \t]*NUMENOR\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tNUMENOR.MIT.EDU = {\n\t\tkdc = numenor.mit.edu\n\t\tadmin_server = numenor.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*CSAIL\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tCSAIL.MIT.EDU = {\n\t\tkdc = kerberos-1.csail.mit.edu\n\t\tkdc = kerberos-2.csail.mit.edu\n\t\tadmin_server = kerberos.csail.mit.edu\n\t\tdefault_domain = csail.mit.edu\n\t\tkrb524_server = krb524.csail.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*ATHENA\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tATHENA.MIT.EDU = {\n\t\tkdc = kerberos.mit.edu:88\n\t\tkdc = kerberos-1.mit.edu:88\n\t\tkdc = kerberos-2.mit.edu:88\n\t\tadmin_server = kerberos.mit.edu\n\t\tdefault_domain = mit.edu\n\t}\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*numenor\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tnumenor.mit.edu = NUMENOR.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tcsail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.csail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tmit.edu = ATHENA.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.mit.edu = ATHENA.MIT.EDU\n/ or die;
+
+# Invirt rules
+
+s/(\[realms\]\n)/\1\tHCS.HARVARD.EDU = {\n\t\tkdc = krb1.hcs.harvard.edu\n\t\tadmin_server = krb1.hcs.harvard.edu\n\t}\n/ or die;
+s/(\[domain_realm\]\n)/\1\thcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
+s/(\[domain_realm\]\n)/\1\t.hcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
+++ /dev/null
-#!/usr/bin/perl -0p
-s/^#?PrintLastLog .*$/PrintLastLog no/m or die;
-s/$/\nAllowTcpForwarding no/ or die;
-s/^#?X11Forwarding .*$/X11Forwarding no/m or die;
-s/^#?Subsystem sftp.*$//m or die;
--- /dev/null
+#!/usr/bin/perl -0p
+# Debathena rules (from debathena-ssh-server-config)
+s/^#?GSSAPIAuthentication .*$/GSSAPIAuthentication yes\nGSSAPIKeyExchange yes\nGSSAPIStrictAcceptorCheck no/m or die;
+s/^#?GSSAPICleanupCredentials .*$/GSSAPICleanupCredentials yes/m or die;
+s/^#?ChallengeResponseAuthentication .*$/ChallengeResponseAuthentication yes/m or die;
+## In Debathena, privilege separation is configurable.
+s/^#?UsePrivilegeSeparation .*$/UsePrivilegeSeparation yes/m or die;
+s/^#?PasswordAuthentication .*$/PasswordAuthentication no/m or die;
+
+# Invirt rules
+s/^#?PrintLastLog .*$/PrintLastLog no/m or die;
+s/$/\nAllowTcpForwarding no/ or die;
+s/^#?X11Forwarding .*$/X11Forwarding no/m or die;
+s/^#?Subsystem sftp.*$//m or die;
+
+