From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 15 22:20:08 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 75EE010656A7 for ; Mon, 15 Nov 2010 22:20:08 +0000 (UTC) (envelope-from Joerg.Pulz@frm2.tum.de) Received: from mailhost.frm2.tum.de (mailhost.frm2.tum.de [129.187.179.12]) by mx1.freebsd.org (Postfix) with ESMTP id E18778FC27 for ; Mon, 15 Nov 2010 22:20:07 +0000 (UTC) Received: from mailhost.frm2.tum.de (localhost [127.0.0.1]) by mailhost.frm2.tum.de (8.14.4/8.14.4) with ESMTP id oAFM8JEM039518 for ; Mon, 15 Nov 2010 23:08:19 +0100 (CET) (envelope-from Joerg.Pulz@frm2.tum.de) X-Virus-Scanned: at mailhost.frm2.tum.de Received: from hades.admin.frm2 (hades.admin.frm2 [172.25.1.10]) (authenticated bits=0) by mailhost.frm2.tum.de (8.14.4/8.14.4) with ESMTP id oAFM8HAs039515 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 15 Nov 2010 23:08:17 +0100 (CET) (envelope-from Joerg.Pulz@frm2.tum.de) Date: Mon, 15 Nov 2010 23:08:14 +0100 (CET) From: Joerg Pulz To: freebsd-hackers@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (mailhost.frm2.tum.de [129.187.179.12]); Mon, 15 Nov 2010 23:08:17 +0100 (CET) Subject: [CFT+RFC] patch to buildworld with heimdal from ports X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Nov 2010 22:20:08 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, after the security/heimdal port was updated to the current heimdal release and i added one missing function from base it is now possible to completely buildworld src/ using the port for all Kerberos5/GSSAPI enabled parts. The patches for src/ are here: ftp://ftp.frm2.tum.de/pub/jpulz/FreeBSD/patches/CURRENT_use_kerberos_port.patch ftp://ftp.frm2.tum.de/pub/jpulz/FreeBSD/patches/8-STABLE_use_kerberos_port.patch ftp://ftp.frm2.tum.de/pub/jpulz/FreeBSD/patches/8.1-RELENG_use_kerberos_port.patch Here are the necessary steps - - install security/heimdal - - download the patch - - cd /usr/src && patch -p0 < patchfile - - add WITH_KERBEROS_PORT=1 to /etc/src.conf - - add HEIMDAL_HOME= (usually /usr/local) to /etc/make.conf - - make buildworld as usual To get a clean system you should add WITHOUT_KERBEROS=1 to /etc/src.conf otherwise you will still build and install the base Kerberos5/GSSAPI implementation. If you decide to add this to /etc/src.conf, don't forget to run 'make delete-old delete-old-libs' to get rid of all the old stuff. If you try this on 8-STABLE or 8.1-RELENG there will still be leftovers but as soon as tools/build/mk/OptionalObsoleteFiles.inc gets MFC'd it should at least on 8-STABLE no longer be a problem. There is one drawback. As the port installs no 32bit libraries on amd64 or powerpc64 there is no chance to build and install the following 32bit compat libraries: librpcsec_gss, pam_krb5, pam_ksu. The 32bit libssh will be build and installed but without Kerberos5/GSSAPI support. You should rebuild all ports which make use of the base Kerberos5/GSSAPI libraries. See ports/152029 and ports/152071 for additional ports related patches. I use all this stuff on several machines right now and didn't found any problem, it rather solved the problems i had with the broken stuff in base, especially OpenLDAP with Cyrus-Sasl or Cyrus-Imapd and so on. So everyone, please test and comment as i would really like to see this functionality in base to provide people with an easy to use solution to work around the old and partially broken Kerberos5/GSSAPI stuff in base. Kind regards Joerg - -- The beginning is the most important part of the work. -Plato -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iD8DBQFM4a9RSPOsGF+KA+MRAgnFAJ9s26Insh0AJkxCBgSsEALrMuN5nQCgyxYL fUNRYFwA+t+ozBF2U74uYhY= =aKfM -----END PGP SIGNATURE-----