From owner-svn-doc-all@FreeBSD.ORG Wed Jul 16 02:47:18 2014 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 77A641D0; Wed, 16 Jul 2014 02:47:18 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6459A2130; Wed, 16 Jul 2014 02:47:18 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6G2lIrB071286; Wed, 16 Jul 2014 02:47:18 GMT (envelope-from bjk@svn.freebsd.org) Received: (from bjk@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6G2lIgo071285; Wed, 16 Jul 2014 02:47:18 GMT (envelope-from bjk@svn.freebsd.org) Message-Id: <201407160247.s6G2lIgo071285@svn.freebsd.org> From: Benjamin Kaduk Date: Wed, 16 Jul 2014 02:47:18 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r45306 - head/en_US.ISO8859-1/books/porters-handbook X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 02:47:18 -0000 Author: bjk Date: Wed Jul 16 02:47:17 2014 New Revision: 45306 URL: http://svnweb.freebsd.org/changeset/doc/45306 Log: Attempt to dispel rumors that GSSAPI and Kerberos are interchangable. The Generic Security Services Application Programming Interface is an abstract interface for creating security contexts between two peers to allow for secure passing of messages and other operations, which allows for the use of many different underlying security mechanisms. Kerberos 5 is a common such security mechanism, but is far from the only mechanism in use. Many krb5 implementations provide a GSSAPI library that provides the krb5 mechanism(s); in some cases, those libraries can also support user-provided GSSAPI mechanisms as well. The only implementations of the GSSAPI which are currently supported by the USES=gssapi support in the Ports Collection are such libraries provided by krb5 implementations. Approved by: hrs (mentor) Modified: head/en_US.ISO8859-1/books/porters-handbook/uses.xml Modified: head/en_US.ISO8859-1/books/porters-handbook/uses.xml ============================================================================== --- head/en_US.ISO8859-1/books/porters-handbook/uses.xml Tue Jul 15 23:10:35 2014 (r45305) +++ head/en_US.ISO8859-1/books/porters-handbook/uses.xml Wed Jul 16 02:47:17 2014 (r45306) @@ -275,10 +275,12 @@ flags, bootstrap - Handle dependency on Kerberos - ports. By default, or set to base, - Kerberos from the base system is - used. Set to heimdal to use Handle dependencies needed by consumers of the + GSS-API. Only libraries that provide the + Kerberos mechanism are available. + By default, or set to base, + the GSS-API library from the base system is used. + Can also be set to heimdal to use security/heimdal, or mit to use security/krb5. @@ -287,7 +289,8 @@ installation is not in LOCALBASE, set HEIMDAL_HOME (for heimdal) or KRB5_HOME (for krb5) to - the base Kerberos directory. + the location of the Kerberos + installation. These variables are exported for the ports to use: @@ -301,7 +304,7 @@ GSSAPI_CONFIGURE_ARGS - The flags option can be set with + The flags option can be given alongside base, heimdal, or mit to automatically add GSSAPICPPFLAGS, @@ -312,7 +315,7 @@ base,flags. The bootstrap option is a special prefix - only for use with security/krb5 + only for use by security/krb5 and security/heimdal. For example, use bootstrap,mit.