From owner-cvs-all Wed Jan 29 5: 4:51 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D8FF37B401; Wed, 29 Jan 2003 05:04:49 -0800 (PST) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id B43FC43F43; Wed, 29 Jan 2003 05:04:48 -0800 (PST) (envelope-from nectar@celabo.org) Received: from opus.celabo.org (opus.celabo.org [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id A6EA3E; Wed, 29 Jan 2003 07:04:47 -0600 (CST) Received: by opus.celabo.org (Postfix, from userid 1001) id D4A7256D4; Wed, 29 Jan 2003 07:03:12 -0600 (CST) Date: Wed, 29 Jan 2003 07:03:12 -0600 From: "Jacques A. Vidrine" To: Peter Wemm Cc: "Matthew N. Dodd" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/secure/lib/libcrypto opensslconf-alpha.h opensslconf-i386.h opensslconf-ia64.h opensslconf-powerpc.h opensslconf-sparc64.h Message-ID: <20030129130312.GA17951@opus.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Peter Wemm , "Matthew N. Dodd" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org References: <20030129021501.GB51683@opus.celabo.org> <20030129074300.5237A2A89E@canning.wemm.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030129074300.5237A2A89E@canning.wemm.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Jan 28, 2003 at 11:43:00PM -0800, Peter Wemm wrote: > "Jacques A. Vidrine" wrote: > > More completely: Kerberos 5 users who want support for the Kerberos > > 5 cipher suites in SSL/TLS (RFC 2712) must use OpenSSL 0.9.7 from the > > ports tree, along with MIT Kerberos 5. > > > > This shouldn't mean much to anyone, since previously there has never > > been support for RFC 2712 in the versions of OpenSSL included with > > FreeBSD. > > Well, there is an ever so slight problem on the freebsd.org cluster: > > Jan 28 23:39:40 panther sshd[76989]: in openpam_load_module(): no pam_krb5.so found > Jan 28 23:39:40 panther sshd[76989]: fatal: PAM: initialisation failed > > But not being able to log in probably doesn't mean much to anyone. > > :-( I doubt seriously this has anything at all to do with this commit or topic (OPENSSL_NO_KRB5 / RFC 2712). Was the whole world rebuilt? Despite the fact that going from `0.9.6' to `0.9.7' does not `sound' like a big change, OpenSSL 0.9.7 has binary incompatibilities with previous versions. Thus the bump in the installed libraries (libcrypto.so.3, libssl.so.3). If some parts of the base system were not rebuilt, there may be problems (e.g. sshd linking to 0.9.7/libcrypto.so.3, but pam_krb5.so having been built against 0.9.6). Cheers, -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message