From owner-freebsd-security Wed Dec 3 12:46:03 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA11586 for security-outgoing; Wed, 3 Dec 1997 12:46:03 -0800 (PST) (envelope-from owner-freebsd-security) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA11572 for ; Wed, 3 Dec 1997 12:45:59 -0800 (PST) (envelope-from dima@burka.rdy.com) Received: by burka.rdy.com id MAA06343; (8.8.8/RDY) Wed, 3 Dec 1997 12:45:28 -0800 (PST) Message-Id: <199712032045.MAA06343@burka.rdy.com> Subject: Re: Kerberos 5 or Kerberos IV or DCE? In-Reply-To: <199712031551.HAA04971@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Dec 3, 97 07:50:40 am" To: cschuber@uumail.gov.bc.ca Date: Wed, 3 Dec 1997 12:45:28 -0800 (PST) Cc: assar@sics.se, dima@best.net, mohacsi@fsz.bme.hu, freebsd-security@freebsd.org X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Cy Schubert - ITSD Open Systems Group writes: > > dima@best.net (Dima Ruban) writes: > > > > Heimdal? I there a working version of DCE for FreeBSD? > > > > > > Last time I've checked Heimdal - it had too many problems and was _not_ > > > compatible with krb5 from MIT. It was about 2 month ago. > > > > There has been progress. It's not perfect, but it does work under > > FreeBSD (my laptop runs FreeBSD, so...). > > I've had KRB5 beta 6 through 1.0.3 running on FreeBSD for over a year. The > only problem is that the Kerberos distribution doesn't perform lastlogin under > FreeBSD, because FreeBSD does not have a lastlog.h (the struct is defined in > utmp.h). A small patch fixes this. I'll be submitting this to MIT when I get > a chance (probably this weekend). I've already done that. It's gonna be (hopefully) included with the next release. Meanwhile, I can put my krb5 patches on my ftp site, if anybody is interested. And, by the way, lastlog stuff is not the only problem. > Other KRB5 problems are not specific to FreeBSD and are usually fixed by the > ANL patches, which usually get rolled into the next release by MIT. > > A port should be simple to create, however it could not fetch the source into > distfiles: This would have to be performed by the sysadmin. Configuration is > simple. I use; > > /configure --with-cc=gcc --with-aname-db=db --with-kdb-db=db > --prefix= --with-ccopts=-O You don't need to specify db stuff in the release, it does berkeley db by default. > The --with-krb4 option is only required if you use a KRB4 client like sudo or > popper. If memory serves, KerbNet has popper with krb5 patches. > > > > /assar > > > > > > Regards, Phone: (250)387-8437 > Cy Schubert Fax: (250)387-5766 > UNIX Support OV/VM: BCSC02(CSCHUBER) > ITSD BITNET: CSCHUBER@BCSC02.BITNET > Government of BC Internet: cschuber@uumail.gov.bc.ca > Cy.Schubert@gems8.gov.bc.ca > > "Quit spooling around, JES do it." > > -- dima