Date:      Mon, 06 Oct 2025 01:27:08 -0700
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        Rick Macklem <rick.macklem@gmail.com>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, Gleb Smirnoff <glebius@freebsd.org>, Cy Schubert <cy@FreeBSD.org>
Subject:   Re: RFC: Heimdal FreeBSD KDC users
Message-ID:  <20251006082708.83FA51876@slippy.cwsent.com>
In-Reply-To: <aOMTpQ43qBRdRyHz@amaryllis.le-fay.org>
References:  <CAM5tNy4BPvMd2Uv_w_qd8oU0sZJ8AwfwWemrE78%2BtuRgX9Dy7g@mail.gmail.com> <aOMTpQ43qBRdRyHz@amaryllis.le-fay.org>

In message <aOMTpQ43qBRdRyHz@amaryllis.le-fay.org>, Lexi Winter writes:
>
> Rick Macklem wrote in <CAM5tNy4BPvMd2Uv_w_qd8oU0sZJ8AwfwWemrE78+tuRgX9Dy7g@mail.gmail.com>:
> > --> The problem is that it will require a
> >       make buildworld, make installworld from
> >       sources with WITHOUT_MITKRB5="yes"
> >       set in /etc/src.conf, followed by an (re)upgrade
> >       with the default MIT Kerberos setting.
> >       (ie. no WITHOUT_MITKRB5="yes")
>
> would it make sense to provide this version of kadmin (+ whatever
> else is required) as a self-contained port, so people could more
> easily install it for a one-off migration?  that might also make
> it less risky to provide on 14.x, if that's useful.
>

kadmin from Heimdal 1.5.2 cannot be ported without porting all or much of
Heimdal 1.5.2. It uses many functions in the various Heimdal libraries. A 
Heimdal 1.5.2 port might be difficult to maintain as it's sensitive to the 
OpenSSL in base.

We already have a Heimdal 7.8.0 port that includes a kadmin that does 
support export to MIT. But, it has the same issues with ancient crypto that 
recent versions of MIT do.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e**(i*pi)+1=0




