Date: Sun, 27 Jan 2002 20:19:09 -0500 (EST) From: Garrett Wollman <wollman@hergotha.lcs.mit.edu> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/34363: openssh-portable does not support modern Kerberos Message-ID: <200201280119.g0S1J9a58814@hergotha.lcs.mit.edu>
next in thread | raw e-mail | index | archive | help
>Number: 34363 >Category: ports >Synopsis: openssh-portable does not support modern Kerberos >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Jan 27 17:20:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Garrett Wollman >Release: FreeBSD 5.0-CURRENT i386 >Organization: MIT Laboratory for Computer Science >Environment: System: FreeBSD hergotha.lcs.mit.edu 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sat Jan 26 16:37:15 EST 2002 wollman@hergotha.lcs.mit.edu:/usr/src/sys/i386/compile/HERGOTHA i386 /usr/ports/security/openssh-portable/Makefile: $FreeBSD: ports/security/openssh-portable/Makefile,v 1.18 2002/01/05 11:37:49 dinoex Exp $ (Assuming the patch in my previous PR is already installed.) >Description: OpenSSH supports Kerberos v5 authentication, but this is not enabled in the portable version. A patch is available to correct this deficiency for those wishing to use this port with Kerberos. In addition, a patch is also available from Simon Wilkinson to implement the GSS-API key-exchange mechanism for SSHv2, which is currently being standardized. Use of this mechanism with Kerberos v5 obviates the need for manual management of host keys, a considerable improvement for large Kerberos sites. >How-To-Repeat: N/A >Fix: Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v retrieving revision 1.18 diff -u -r1.18 Makefile --- Makefile 5 Jan 2002 11:37:49 -0000 1.18 +++ Makefile 28 Jan 2002 01:05:52 -0000 @@ -21,7 +21,8 @@ CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto USE_OPENSSL= YES -GNU_CONFIGURE= yes +GNU_CONFIGURE= YES + CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords CLEAN= etc/ssh_config etc/sshd_config etc/moduli \ etc/ssh_host_key etc/ssh_host_key.pub \ @@ -34,6 +35,25 @@ .if exists(/usr/include/tcpd.h) CONFIGURE_ARGS+= --with-tcp-wrappers +.endif + +.if defined(KRB5_HOME) +MASTER_SITES+= http://www.sxw.org.uk/computing/patches/ +PATCH_SITES+= ${MASTER_SITES} +EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX} +DISTFILES= ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi.patch +PATCHFILES= ${PORTNAME}-${PORTVERSION}-krb5.patch + +CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} +BUILD_DEPENDS+= autoconf:${PORTSDIR}/devel/autoconf + +post-patch: + @${ECHO} Applying extra patch for GSS-API key-exchange... + @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \ + < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi.patch + +pre-configure: + @cd ${WRKSRC}; autoconf && autoheader .endif .if defined(OPENSSH_OVERWRITE_BASE) Index: distinfo =================================================================== RCS file: /home/ncvs/ports/security/openssh-portable/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- distinfo 2 Dec 2001 06:52:42 -0000 1.6 +++ distinfo 28 Jan 2002 01:06:41 -0000 @@ -1 +1,3 @@ MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6 +MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090 +MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201280119.g0S1J9a58814>