From owner-freebsd-hackers@FreeBSD.ORG Thu Feb 9 01:41:36 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D86B9106566B for ; Thu, 9 Feb 2012 01:41:36 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-jnhn.mail.uoguelph.ca (esa-jnhn.mail.uoguelph.ca [131.104.91.44]) by mx1.freebsd.org (Postfix) with ESMTP id 962B78FC12 for ; Thu, 9 Feb 2012 01:41:36 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ap4EAJIjM0+DaFvO/2dsb2JhbABDDoUBqwuBcgEBBSNWGxgCAg0ZAkgRBhOvIpFngS+KDgYCBhoMAwIFBAEGBQIEBwIdAQMCFASDHgEGAQ0GAoNAgRYEiEaMZ5ImVQ X-IronPort-AV: E=Sophos;i="4.73,387,1325480400"; d="scan'208";a="158799809" Received: from erie.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.206]) by esa-jnhn-pri.mail.uoguelph.ca with ESMTP; 08 Feb 2012 20:41:35 -0500 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id 80C1BB4041; Wed, 8 Feb 2012 20:41:35 -0500 (EST) Date: Wed, 8 Feb 2012 20:41:35 -0500 (EST) From: Rick Macklem To: Benjamin Kaduk Message-ID: <487167524.1045003.1328751695510.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [172.17.91.202] X-Mailer: Zimbra 6.0.10_GA_2692 (ZimbraWebClient - FF3.0 (Win)/6.0.10_GA_2692) Cc: freebsd-hackers@freebsd.org, Ansar Mohammed Subject: Re: Kerberos and FreeBSD X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2012 01:41:36 -0000 Benjamin Kaduk wrote: > On Wed, 8 Feb 2012, Ansar Mohammed wrote: >=20 > > Hello All, > > Is the port of Heimdal on FreeBSD being maintained? The version that > > ships with 9.0 seems a bit old. > > > > #> /usr/libexec/kdc-v > > kdc (Heimdal 1.1.0) > > Copyright 1995-2008 Kungliga Tekniska H=C3=B6gskolan > > Send bug-reports to heimdal-bugs@h5l.org >=20 > My understanding is that every five years or so, someone becomes fed > up > enough with the staleness of the "current" version and puts in the > effort > to merge in a newer version. > It looks like 3 years ago, dfr brought in that Heimdal 1.1 you see, to > replace the Heimdal 0.6 that nectar brought in 8 years ago. > I don't know of anyone with active plans to bring in a new version, at > present. >=20 > -Ben Kaduk >=20 I think it's a little trickier than it sounds. The Kerberos in FreeBSD isn't vanilla Heimdal 1.1, but a somewhat modified variant. Heimdal libraries have a separate source file for each function, plus a source file that defines all global storage used by functions in the library. One difference w.r.t. the FreeBSD variant that I am aware of is: - Some of the functions were moved from one library to another. (I don't know why, but maybe it was to avoid a POLA violation which would require apps to be linked with additional libraries?) - To do this, some global variables were added to the source file in the library these functions were moved to. As such, if you statically link an app. to both libraries, the global varia= ble can come up "multiply defined". (I ran into this when I was developing a "g= ssd" prior to the one introduced as part of the kernel rpc.) You can get around = this by dynamically linking, being careful about the order in which the librarie= s are specified. (The command "krb5-config --libs" helps w.r.t. this.) I don't know what else was changed, but I do know that it isn't as trivial = as replacing the sources with ones from a newer Heimdal release. I think it would be nice if a newer Heimdal release was brought it, with th= e minimal changes required to make it work. (If that meant that apps. needed = more libraries, the make files could use "krb5-config --libs" to handle it, I th= ink?) Oh, and I'm not volunteering to try and do it;-) rick