Pavel Panchekha

By

Share under CC-BY-SA.

MIT Zephyr from Arch Linux

MIT's Institvte-wide messaging system is called Zephyr, and is a pretty nice blend of a Twitter-like publishing system, Facebook-like wall functions, and a chat system. It's like a blend of chat and public discussion. MIT offers Debathena, which installs Zephyr tools (and AFS tools and similar, but that's besides the point) on a Debian or Ubuntu computer. But getting Zephyr running on Arch Linux is unsupported, and turns out to be a non-trivial thing. I'll explain how to do so here.

Tldr

Install my package and, if you wish, barnowl and run the following commands: 

sudo mv /etc/krb5/krb5.conf.mit /etc/krb5/krb5.conf
kinit [your Athena]
sudo /etc/rc.d/zhm start
barnowl

Everything below explains how to do the equivalent manually, if you would rather know what changes I made to replicate them on your installation.

Kerberos

Firstly, we must install Kerberos, which Zephyr uses for authentication. This involves installing the package core/krb5 

sudo pacman -S krb5

We also need to configure Kerberos to connect to MIT's network and to allow the weaker encryption used by MIT. To do this, open up /etc/krb5/krb5.conf as root in your favorite editor: 

sudo vim /etc/krb5/krb5.conf

Now install the various MIT realms (replace the [realms] and [domain_realm] sections). These were taken from the Debathena kerberos package. 

[realms]
	ATHENA.MIT.EDU = {
		kdc = kerberos.mit.edu:88
		kdc = kerberos-1.mit.edu:88
		kdc = kerberos-2.mit.edu:88
		admin_server = kerberos.mit.edu
		default_domain = mit.edu
	}
	MEDIA-LAB.MIT.EDU = {
		kdc = kerberos.media.mit.edu
		admin_server = kerberos.media.mit.edu
	}
	ZONE.MIT.EDU = {
		kdc = casio.mit.edu
		kdc = seiko.mit.edu
		admin_server = casio.mit.edu
	}
	MOOF.MIT.EDU = {
		kdc = three-headed-dogcow.mit.edu:88
		kdc = three-headed-dogcow-1.mit.edu:88
		admin_server = three-headed-dogcow.mit.edu
	}
	CSAIL.MIT.EDU = {
		kdc = kerberos-1.csail.mit.edu
		kdc = kerberos-2.csail.mit.edu
		admin_server = kerberos.csail.mit.edu
		default_domain = csail.mit.edu
		krb524_server = krb524.csail.mit.edu
	}

[domain_realm]
	.mit.edu = ATHENA.MIT.EDU
	mit.edu = ATHENA.MIT.EDU
	.media.mit.edu = MEDIA-LAB.MIT.EDU
	media.mit.edu = MEDIA-LAB.MIT.EDU
	.csail.mit.edu = CSAIL.MIT.EDU
	csail.mit.edu = CSAIL.MIT.EDU

You want to tell Kerberos to also support Kerberos 4 (replace the [login] section): 

[login]
	krb4_convert = true
	krb4_get_tickets = true

Finally, tell Kerberos what default realm to use and allow weak cryptography (add/change these lines in the [libdefaults] section): 

default_realm = ATHENA.MIT.EDU
allow_weak_crypto = true

You should now be able to use Kerberos; check this by attempting to get tickets. The following command gives you tickets for a week. 

kinit -l7d [your-username]

MIT Passwordless SSH

You should now also be able to do passwordless login to the MIT servers: 

ssh -K linux.mit.edu

If you want to do this for all connections, and accept the security risks involved for the minor convenience of not typing the -K (not suggested), you could add 

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

to either .ssh/config (prefered) or /etc/ssh/ssh_config (bad idea).

Hesiod

Zephyr relies on a service called Hesiod to tell it what servers to use. This can be installed from AUR; for me: 

sudo clyde -S hesiod

Zephyr

An AUR package for Zephyr exists, but it doesn't compile with the right flags; so, we're going to have to modify the PKGBUILD file a bit. Depending on your makepkg wrapper, you might be able to use it; if so, skip to where we edit the PKGBUILD.

First, let's get the package and open up the PKGBUILD: 

cd /tmp
curl http://aur.archlinux.org/packages/zephyr/zephyr.tar.gz | tar -xzvf -
cd zephyr
$EDITOR PKGBUILD

We want to do two things. First, use version 3.0.1 instead of version 3.0. And second, use Kerberos and Hesiod. The final PKGBUILD is available, but I'll describe the changes here.

First, we change the pkgver, source, and md5sums variables: 

pkgver=3.0.1

source=(http://zephyr.1ts.org/export/2642/distribution/$pkgname-$pkgver.tar.gz)

md5sums=('466245dac0af7454c78bd9c4e31d67c')

Then, we change the configure line in build () to read: 

./configure --prefix=/usr --sysconfdir=/etc --with-hesiod --with-krb5 --disable-static

I've not actually verified that the --disable-static is necessary, but that's what SIPB Scripts builds with, so why not…

You should now be able to compile and install, either by telling your makepkg wrapper to do so or by running 

makepkg
sudo pacman -U zephyr-3.0.1-1-x86_64.pkg.tar.xz

Testing Zephyr

You should now be able to run 

zhm

to start up the Zephyr Host Manager (it should print nothing) and, if you have Kerberos tickets (if not, run kinit) 

zwgc -ttymode

to start up the Windowgram Client (it should also print nothing). Go ahead and try to zwrite yourself!

Zephyr Host Manager

Above we started ZHM from your user. According to SIPB members, running multiple ZHM instances is a bad idea, so it's best to set ZHM up as a daemon. This is done by the PKGBUILD linked to above1 [1 It doesn't do this in a very nice way, these types of files would really preferably be upstream, but until that happens the linked PKGBUILD works.], but for your information or if you didn't use my PKGBUILD, the changes necessary are described here.

The setup is pretty easy since the Arch init system is so easy. First, we create (as root) the file /etc/rc.d/zhm: 

sudo touch /etc/zhm
sudo chown root:root /etc/zhm
sudo chmod 0755 /etc/zhm
sudo vim /etc/zhm

Now we edit the file to include the following contents: 

#!/bin/bash

. /etc/rc.conf
. /etc/rc.d/functions

PID=`pidof -o %PPID /usr/sbin/zhm`
case "$1" in
  start)
    stat_busy "Starting Zephyr Host Manager"
    [ -z "$PID" ] && /usr/sbin/zhm -d &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      add_daemon zhm
      stat_done
    fi
    ;;
  stop)
    stat_busy "Stopping Zephyr Host Manager"
    [ ! -z "$PID" ] && kill $PID &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      rm_daemon zhm
      stat_done
    fi
    ;;
  restart)
    $0 stop
    sleep 3
    $0 start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
esac
exit 0

Now test if you can start the daemon: 

pkill zhm
sudo /etc/rc.d/zhm start

Finally, you may (if you so choose), add zhm to the DAEMONS list in rc.conf.

Barnowl

Barnowl is a wonderful Zephyr (and also, apparently, AIM and Jabber and IRC and Twitter) client, available from AUR. Install it from there; I did so with 

sudo clyde -S barnowl

and you can now start it with 

barnowl

Happy Zephyring!

Footnotes:

1

It doesn't do this in a very nice way, these types of files would really preferably be upstream, but until that happens the linked PKGBUILD works.