Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 06 Jan 2024 00:33:08 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 247940] Introduce gssapi=.. in DEFAULT_VERSIONS like for ssl=...
Message-ID:  <bug-247940-7788-Kt1b4fnCjI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-247940-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-247940-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D247940

--- Comment #12 from Siva Mahadevan <me@svmhdvn.name> ---
Adding to this discussion due to a new issue that comes up with the move to
OpenSSL 3 in FreeBSD 14.

I use heimdal as my preferred kerberos implementation. Heimdal upstream has=
n't
seen a release in a while (current version is 7.8), and heimdal-devel (trac=
king
git HEAD) fixes a bunch of issues related to OpenSSL 3 support. I'd ideally
like to use heimdal-devel as my gssapi provider in all ports that support i=
t.

Currently, I don't see an option to use heimdal-devel (or even MIT krb5-dev=
el)
as the gssapi provider in any ports. I do mostly see the following OPTIONS
being supported across the board in a mostly-standard way as comment #10
suggests:
* GSSAPI_NONE
* GSSAPI_BASE
* GSSAPI_HEIMDAL
* GSSAPI_MIT

I'd additionally like to see the following:
* GSSAPI_HEIMDAL_DEVEL
* GSSAPI_MIT_DEVEL

But instead of adding support for these to every port that can support them,
I'd like to see support for choosing the version added to the DEFAULT_VERSI=
ONS
framework. I am in support of the proposal to:
* Replace all port OPTIONS of the form GSSAPI_* to simply GSSAPI, which will
enable or disable GSSAPI support in a given port
* Move the choice of the GSSAPI provider to the DEFAULT_VERSIONS framework =
in
the form of 'gssapi=3D(heimdal|heimdal-devel|mit|mit-devel)'

If there is consensus, I can help prepare a patchset (if one doesn't already
exist as a work-in-progress) for converting all ports, along with adding the
support to the DEFAULT_VERSIONS framework.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-247940-7788-Kt1b4fnCjI>