As a further update we've had to do the following to proceed further:
- Install krb5-libs-1.9.4-1.aix5.1.ppc.rpm
- Change the compiler flags in binding.gyp in the kerberos npm package... I think the important one was having '-std=c++11' in cflags
- Install gcc version 4.8.3 instead of 4.6.2 to support the above flag
The module then compiled and was usable, but we hit a few more issues.
1. Although it would run in the chroot environment, it wouldn't run when copied it out into PASE as various libraries were missing:
These could potentially be made available by installing the relevant rpms into the real PASE environment, but in order to reduce the risk of doing something unwanted to our PASE environment we chose to copy the specific files somewhere and set/export LIBPATH to include that path.
2. The system krb5.conf and krb5.keytab files need to be referenced but the latter is a secured file for obvious reasons and the former on our system has lines with leading spaces which the kerberos module did not like. For testing we've taken a copy of them elsewhere, edited the copy of krb5.conf to remove leading spaces and point it to the copy of krb5.keytab, and set/export KRB5_CONFIG to point it at the copy of krb5.conf.
All seems to test OK at this stage but it's taken a tremendous number of steps to get this far and I'm unsure how maintainable this is going to be going forwards. There's also an EIM LDAP lookup step to figure out next.
From: Mark Ford
Sent: 07 September 2017 09:04
To: 'IBMi Open Source Roundtable'
Subject: RE: [IBMiOSS] node.js - 'module did not self-register' error
Thanks. I'll be looking into this further today but I have also been thinking ahead about how this is going to work if we can get it to compile correctly...
As this module is clearly going to be using AIX Kerberos libraries/functions it's presumably going to be expecting to find the config/keytab files in a certain place, probably under /etc. They probably won't exist there in the PASE environment so I'm wondering if we're going to be faced with the prospect of symlinking to the 'real' IBM i ones (which may have issues with compatibility, conflicts, permissions, etc) or copying the 'real' ones into the expected PASE location (in which case we end up with two copies).
An alternative we were considering was calling out from node to an RPG program via the XML Toolkit which in turn would use the IBM i GSS-APIs to perform the authentication but there doesn't seem to be a lot in the way of documentation or examples on how to use them so we haven't had much luck with this approach.
From: OpenSource [mailto:opensource-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Bartell
Sent: 06 September 2017 19:00
To: IBMi Open Source Roundtable
Subject: Re: [IBMiOSS] node.js - 'module did not self-register' error
This is way harder than we expected.
Hard today, yes. This is going to become much easier once IBM gets the PASE package manager released. The amount of automation will be soooo much better. [Aaron realizes he has 'Linux lust']
It looks like perzl has gcc 6.3: http://www.oss4aix.org/download/RPMS/gcc/
I am still using 4.8.3 I believe. Please keep the updates coming. Many will use your current hardship for their future success.
IBM i hosting, starting at $157/month. litmis.com/spaces
Proud partner of The Ageas Bowl.
This email has been sent by and on behalf of one or more of Ageas (UK) Limited (registered no: 1093301 ), Ageas Insurance Limited (registered no: 354568), Ageas Retail Limited (registered no: 1324965), or a subsidiary of Ageas (UK) Limited (together “Ageas UK”). Ageas UK companies are registered in England and Wales, and each entity’s registered office is Ageas House, Hampshire Corporate Park, Templars Way, Eastleigh SO53 3YA.
Ageas Retail Limited is authorised and regulated by the Financial Conduct Authority. Financial Services Register Number: 312468.
Ageas Insurance Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Financial Services Register Number: 202039
This e-mail together with any attachments are intended for the addressee only and may be private and confidential. If you are not the intended recipient, or the person responsible for delivering it to the intended recipient, you must not open any attachments, or copy, disclose, distribute, retain or use this e-mail, including any attachments, in any way whatsoever; please return it to us immediately using the reply facility on e-mail.
Consider the environment and think before you print this email.