Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 2 Feb 2016 14:01:02 -0500
From:      Rick Miller <vmiller@hostileadmin.com>
To:        Polytropon <freebsd@edvax.de>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Heimdal Kerberos Installed?
Message-ID:  <CAHzLAVFSNDxMipe9%2Bvo=u4_JCpPYnskW2bxzA4s=S3G8vFf1dA@mail.gmail.com>
In-Reply-To: <20160202165454.d9b6246e.freebsd@edvax.de>
References:  <CAHzLAVFHKzunAh8xim5ESnLAD5OsVLoA6yp9S%2BEcBYjtHmDDEQ@mail.gmail.com> <20160202165454.d9b6246e.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Feb 2, 2016 at 10:54 AM, Polytropon <freebsd@edvax.de> wrote:

> On Tue, 2 Feb 2016 10:48:52 -0500, Rick Miller wrote:
> > Hi all,
> >
> > I've discovered kerberos binaries in /usr/bin and /usr/sbin that had been
> > presumed not installed as the build system utilizes NO_KERBEROS=YES in
> > make.conf that built the resulting distribution based on the releng/10.0
> > branch.  It had been presumed that kerberos bits would not be included
> > outside of /usr/local where security/krb5 is being installed.
> > [...]
> > The problem is that it appears Heimdal Kerberos appears to be installed
> > despite the presence of NO_KERBEROS=YES in make.conf.  Are there base
> > kerberos bits that do get installed regardless of the existence of this
> > knob?  Is there an expectation that this knob notation (as opposed to
> > WITHOUT_KERBEROS) works with releng/10.0?
>
> Did you check /etc/src.conf settings as well? From "man src.conf":
>
>      WITHOUT_KERBEROS
>              Set this if you do not want to build Kerberos 5 (KTH Heimdal).
>              When set, it also enforces the following options:
>
>              WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI)
>              WITHOUT_KERBEROS_SUPPORT
>
>      WITHOUT_KERBEROS_SUPPORT
>              Set to build some programs without Kerberos support, like
> cvs(1),
>              ssh(1), telnet(1), sshd(8), and telnetd(8).
>
> Also see WITHOUT_CRYPT and WITHOUT_OPENSSL entries in that file.


I had not checked src.conf(5).  Thanks for the tip.

Based on src.con(5), WITHOUT_KERBEROS enforces WITHOUT_KERBEROS_SUPPORT
thus implying the necessity to install OpenSSH and friends via Ports/pkg w/
Kerberos support compiled in to obtain that functionality, but with MIT
Krb.  Is this an accurate assumption?


-- 
Take care
Rick Miller

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHzLAVFSNDxMipe9%2Bvo=u4_JCpPYnskW2bxzA4s=S3G8vFf1dA>