From owner-freebsd-hackers@FreeBSD.ORG Fri Feb 10 09:00:17 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA10E106566B for ; Fri, 10 Feb 2012 09:00:15 +0000 (UTC) (envelope-from ansarm@gmail.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id 99D1F8FC0C for ; Fri, 10 Feb 2012 09:00:15 +0000 (UTC) Received: by daec6 with SMTP id c6so2665169dae.13 for ; Fri, 10 Feb 2012 01:00:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=jtv/bzTt2zwSwOvDdZKwbv55Krj5lUdbX+q/tBLIyPs=; b=IhjkZk19f0fg6+Olb6rbQTbmcXL1bvwdy0vuBtajH7iCwMCyzRZ7CUkxQBA5pj8UK+ u/fmSESXhDDJrCvzfnJ2QDwq5fcYegu7hkB3SIkdNpIR0KSJHa7yhLmEvDqUfYi2XkLl h2uhupXgwMAXT8UpRyBGyqV/Jbpn73ToUSjS8= MIME-Version: 1.0 Received: by 10.68.230.6 with SMTP id su6mr14389922pbc.54.1328864085331; Fri, 10 Feb 2012 00:54:45 -0800 (PST) Received: by 10.68.223.101 with HTTP; Fri, 10 Feb 2012 00:54:45 -0800 (PST) In-Reply-To: <487167524.1045003.1328751695510.JavaMail.root@erie.cs.uoguelph.ca> References: <487167524.1045003.1328751695510.JavaMail.root@erie.cs.uoguelph.ca> Date: Fri, 10 Feb 2012 00:54:45 -0800 Message-ID: From: Ansar Mohammed To: Rick Macklem Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-hackers@freebsd.org, Benjamin Kaduk Subject: Re: Kerberos and FreeBSD X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2012 09:00:17 -0000 Thanks for the feedback. I built world and disabled Kerberos in src.conf. I will just install Heimdal via ports now. There seems to be alot of other rather old bits of software in a default installation. I noticed some old digiboard utility in a base 9.0 build. On Wed, Feb 8, 2012 at 5:41 PM, Rick Macklem wrote: > Benjamin Kaduk wrote: >> On Wed, 8 Feb 2012, Ansar Mohammed wrote: >> >> > Hello All, >> > Is the port of Heimdal on FreeBSD being maintained? The version that >> > ships with 9.0 seems a bit old. >> > >> > #> /usr/libexec/kdc-v >> > kdc (Heimdal 1.1.0) >> > Copyright 1995-2008 Kungliga Tekniska H=F6gskolan >> > Send bug-reports to heimdal-bugs@h5l.org >> >> My understanding is that every five years or so, someone becomes fed >> up >> enough with the staleness of the "current" version and puts in the >> effort >> to merge in a newer version. >> It looks like 3 years ago, dfr brought in that Heimdal 1.1 you see, to >> replace the Heimdal 0.6 that nectar brought in 8 years ago. >> I don't know of anyone with active plans to bring in a new version, at >> present. >> >> -Ben Kaduk >> > I think it's a little trickier than it sounds. The Kerberos in FreeBSD > isn't vanilla Heimdal 1.1, but a somewhat modified variant. > > Heimdal libraries have a separate source file for each function, plus > a source file that defines all global storage used by functions in the > library. > One difference w.r.t. the FreeBSD variant that I am aware of is: > - Some of the functions were moved from one library to another. (I don't > =A0know why, but maybe it was to avoid a POLA violation which would requi= re > =A0apps to be linked with additional libraries?) > =A0- To do this, some global variables were added to the source file in t= he > =A0 =A0library these functions were moved to. > As such, if you statically link an app. to both libraries, the global var= iable > can come up "multiply defined". (I ran into this when I was developing a = "gssd" > prior to the one introduced as part of the kernel rpc.) You can get aroun= d this > by dynamically linking, being careful about the order in which the librar= ies are > specified. (The command "krb5-config --libs" helps w.r.t. this.) > > I don't know what else was changed, but I do know that it isn't as trivia= l as > replacing the sources with ones from a newer Heimdal release. > > I think it would be nice if a newer Heimdal release was brought it, with = the > minimal changes required to make it work. (If that meant that apps. neede= d more > libraries, the make files could use "krb5-config --libs" to handle it, I = think?) > > Oh, and I'm not volunteering to try and do it;-) rick >