From owner-freebsd-questions@freebsd.org Tue Feb 2 19:01:06 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2361AA98452 for ; Tue, 2 Feb 2016 19:01:06 +0000 (UTC) (envelope-from vrwmiller@gmail.com) Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ED7A2323 for ; Tue, 2 Feb 2016 19:01:05 +0000 (UTC) (envelope-from vrwmiller@gmail.com) Received: by mail-ob0-x231.google.com with SMTP id ba1so159362022obb.3 for ; Tue, 02 Feb 2016 11:01:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=x4mzTvn21SA+nVOhN+8Zlw5wwAgxFOX49Yv4ptwxMb8=; b=LzKLk8+utIBpkgHZXQOUg0GKQuY4FAUAUuwabakyjpMy3D0VrcpDFU7C7sAd+4GaoU L1IAvIqPq5fQnnBB7iReh5wODmSkBYaME+sJbLy+IbZ9e6vFV20O5ngOfzPd8rvjmUmq metro9rx5fQDZWSjjNhoClMzhhrqZ8fphbDVlkp93Ag0dLr8DNfRipSSokNdPgcf5k4U LX1ml4+pK6kbWylwPj5G9gAxB2Qp6NaMuoZ+ktkcfBiD1eYZaUFyWCLha3wcDw0NV1j1 ZYebn8bEci8bXR060dgYPRyNWKEAqWJp6+/qGZXSgkj+4w8/GmntSHHP9klnCQ8nmX7j No2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=x4mzTvn21SA+nVOhN+8Zlw5wwAgxFOX49Yv4ptwxMb8=; b=Md7SHaLtLD+Db57YdC1OwYeXrj3aWRk1b19dBN+DPXUSi7qSIoyvSyaDLiI+JRtfb+ jBDhqIaNbP81QE+6qTYi+ITyvM7sOJra1XnnWEtHEMTdVhDTnVON+B58zg27PKp1PIja gfdPfS/AAKtbDL9T3dnotHw80vpCdNM6nErXYrcj+44JzyjwOYCn+ckHTIG74qkk7xR/ C9ZyTlD35Pri6LtqMjKwp13i0V3DDNeNSKVwb/3tLsJ9ObBEyqE3rhS9tR7n6Odx1TSx /TY2jtZd8A0Ap1d+mG7xbYXNgVQclT/0l2xLMoubjIjSCszoKfM4l+DxrsCh3NPrMSMK x/Qg== X-Gm-Message-State: AG10YORaxkxP5nrKyW+6jDR9vRn49+mNimIkhgl1XPpHnjoWsQ6NpuGo6+yISI/q8tJ7JO7BDL7S1eC4WS5IQQ== MIME-Version: 1.0 X-Received: by 10.182.79.200 with SMTP id l8mr26126109obx.18.1454439663008; Tue, 02 Feb 2016 11:01:03 -0800 (PST) Sender: vrwmiller@gmail.com Received: by 10.202.170.77 with HTTP; Tue, 2 Feb 2016 11:01:02 -0800 (PST) In-Reply-To: <20160202165454.d9b6246e.freebsd@edvax.de> References: <20160202165454.d9b6246e.freebsd@edvax.de> Date: Tue, 2 Feb 2016 14:01:02 -0500 X-Google-Sender-Auth: qjCG-H71q5yE2U7xoLFxWrZWmpM Message-ID: Subject: Re: Heimdal Kerberos Installed? From: Rick Miller To: Polytropon Cc: FreeBSD Questions Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2016 19:01:06 -0000 On Tue, Feb 2, 2016 at 10:54 AM, Polytropon wrote: > On Tue, 2 Feb 2016 10:48:52 -0500, Rick Miller wrote: > > Hi all, > > > > I've discovered kerberos binaries in /usr/bin and /usr/sbin that had been > > presumed not installed as the build system utilizes NO_KERBEROS=YES in > > make.conf that built the resulting distribution based on the releng/10.0 > > branch. It had been presumed that kerberos bits would not be included > > outside of /usr/local where security/krb5 is being installed. > > [...] > > The problem is that it appears Heimdal Kerberos appears to be installed > > despite the presence of NO_KERBEROS=YES in make.conf. Are there base > > kerberos bits that do get installed regardless of the existence of this > > knob? Is there an expectation that this knob notation (as opposed to > > WITHOUT_KERBEROS) works with releng/10.0? > > Did you check /etc/src.conf settings as well? From "man src.conf": > > WITHOUT_KERBEROS > Set this if you do not want to build Kerberos 5 (KTH Heimdal). > When set, it also enforces the following options: > > WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI) > WITHOUT_KERBEROS_SUPPORT > > WITHOUT_KERBEROS_SUPPORT > Set to build some programs without Kerberos support, like > cvs(1), > ssh(1), telnet(1), sshd(8), and telnetd(8). > > Also see WITHOUT_CRYPT and WITHOUT_OPENSSL entries in that file. I had not checked src.conf(5). Thanks for the tip. Based on src.con(5), WITHOUT_KERBEROS enforces WITHOUT_KERBEROS_SUPPORT thus implying the necessity to install OpenSSH and friends via Ports/pkg w/ Kerberos support compiled in to obtain that functionality, but with MIT Krb. Is this an accurate assumption? -- Take care Rick Miller