From owner-freebsd-security@FreeBSD.ORG Tue Jan 11 14:48:51 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74C2916A4CE for ; Tue, 11 Jan 2005 14:48:51 +0000 (GMT) Received: from www.cyclades.de (mail.cyclades.de [62.225.173.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id D024243D1F for ; Tue, 11 Jan 2005 14:48:50 +0000 (GMT) (envelope-from mh@kernel32.de) Received: from [192.168.10.147] (helo=[192.168.10.147]) by www.cyclades.de with asmtp (Cipher TLSv1:RC4-MD5:128) (Exim 3.35 #1 (Debian)) id 1CoNJy-0006Xo-00; Tue, 11 Jan 2005 15:48:34 +0100 Message-ID: <41E3E6C3.7070801@kernel32.de> Date: Tue, 11 Jan 2005 15:46:27 +0100 From: Marian Hettwer User-Agent: Mozilla Thunderbird 1.0 (X11/20041228) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jeremie Le Hen References: <20050110190814.J49931@gabba.so.cpt1.za.uu.net> <20050111142739.GK686@obiwan.tataz.chchile.org> In-Reply-To: <20050111142739.GK686@obiwan.tataz.chchile.org> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit X-MailScanner: Found to be clean X-MailScanner-SpamCheck: cc: freebsd-security@freebsd.org cc: Gareth Hopkins Subject: Re: MIT Kerberos and OpenSSH X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jan 2005 14:48:51 -0000 Hej There, Jeremie Le Hen wrote: > > > I'm not a buildworld guru, but I think that with NO_KERBEROS=yes, > /usr/bin/sshd(8) will obviously NOT be linked with any krb library. not true at all. NO_KERBEROS=yes says that heimdal kerberos shouldn't be compiled, AFAIK. > IMHO, you should build OpenSSH from ports with the KERBEROS=yes knob. > that's the way I would go. However, you need to make sure that the Ports OpenSSH doesn't interfer with the Base OpenSSH. just my 2 ¢ ;) Marian