Date: Sun, 27 Jan 2002 20:19:09 -0500 (EST) From: Garrett Wollman <wollman@hergotha.lcs.mit.edu> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/34363: openssh-portable does not support modern Kerberos Message-ID: <200201280119.g0S1J9a58814@hergotha.lcs.mit.edu>
next in thread | raw e-mail | index | archive | help
>Number: 34363
>Category: ports
>Synopsis: openssh-portable does not support modern Kerberos
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 27 17:20:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Garrett Wollman
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
MIT Laboratory for Computer Science
>Environment:
System: FreeBSD hergotha.lcs.mit.edu 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sat Jan 26 16:37:15 EST 2002 wollman@hergotha.lcs.mit.edu:/usr/src/sys/i386/compile/HERGOTHA i386
/usr/ports/security/openssh-portable/Makefile:
$FreeBSD: ports/security/openssh-portable/Makefile,v 1.18 2002/01/05 11:37:49 dinoex Exp $
(Assuming the patch in my previous PR is already installed.)
>Description:
OpenSSH supports Kerberos v5 authentication, but this is not
enabled in the portable version. A patch is available to
correct this deficiency for those wishing to use this port
with Kerberos. In addition, a patch is also available from
Simon Wilkinson to implement the GSS-API key-exchange
mechanism for SSHv2, which is currently being standardized.
Use of this mechanism with Kerberos v5 obviates the need for
manual management of host keys, a considerable improvement for
large Kerberos sites.
>How-To-Repeat:
N/A
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.18
diff -u -r1.18 Makefile
--- Makefile 5 Jan 2002 11:37:49 -0000 1.18
+++ Makefile 28 Jan 2002 01:05:52 -0000
@@ -21,7 +21,8 @@
CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
USE_OPENSSL= YES
-GNU_CONFIGURE= yes
+GNU_CONFIGURE= YES
+
CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords
CLEAN= etc/ssh_config etc/sshd_config etc/moduli \
etc/ssh_host_key etc/ssh_host_key.pub \
@@ -34,6 +35,25 @@
.if exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+= --with-tcp-wrappers
+.endif
+
+.if defined(KRB5_HOME)
+MASTER_SITES+= http://www.sxw.org.uk/computing/patches/
+PATCH_SITES+= ${MASTER_SITES}
+EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
+DISTFILES= ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi.patch
+PATCHFILES= ${PORTNAME}-${PORTVERSION}-krb5.patch
+
+CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME}
+BUILD_DEPENDS+= autoconf:${PORTSDIR}/devel/autoconf
+
+post-patch:
+ @${ECHO} Applying extra patch for GSS-API key-exchange...
+ @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \
+ < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi.patch
+
+pre-configure:
+ @cd ${WRKSRC}; autoconf && autoheader
.endif
.if defined(OPENSSH_OVERWRITE_BASE)
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- distinfo 2 Dec 2001 06:52:42 -0000 1.6
+++ distinfo 28 Jan 2002 01:06:41 -0000
@@ -1 +1,3 @@
MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6
+MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090
+MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201280119.g0S1J9a58814>