Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 01 Jun 2024 15:29:08 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 277650] Remove supporting linking ports against Heimdal from base (GSSAPI_BASE)
Message-ID:  <bug-277650-7788-jIBQ2nQAG9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-277650-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-277650-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277650

Marcin Cie=C5=9Blak <saper@saper.info> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |saper@saper.info

--- Comment #27 from Marcin Cie=C5=9Blak <saper@saper.info> ---
(In reply to Siva Mahadevan from comment #13)

Siva, I will just give you a practical example.

Two days ago I have installed a DragonFlyBSD system. They did what you sugg=
est
- they have removed Kerberos support from the base completely.

Basically I ended up with a system I could not ssh out of. I have attempted=
 to
install openssh-portable, but this was broken because GSSAPI patch from Deb=
ian
which has to be applied didn't fetch. This is
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D278222 with the fix hop=
efully
coming out of https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279437

Then I had to update openssh-portable to a newer version and apply a newer
patch.
By the way, it still does not work and I am still troubleshooting. Two days
have passed.

Back to FreeBSD, after I have tested
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279437 I still could no=
t make
ssh connection due to "rc4 8: EVP_CipherInit_ex einit" error.

As it turned out, https://github.com/heimdal/heimdal/issues/1224 was a prob=
lem.
But I could fix it by installing heimdal-devel as provided by cy@ (big than=
ks).

Speaking of maintenance burden, getting it to work requires well-maintained
openssh-portable with a random patch from Debian and a well-maintained Kerb=
eros
implementation port, usually done by different people.

Therefore, no, and please keep it in base for as long as we can.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277650-7788-jIBQ2nQAG9>