From owner-cvs-src@FreeBSD.ORG Mon May 5 05:01:15 2003 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A679537B401; Mon, 5 May 2003 05:01:15 -0700 (PDT) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id E519343F93; Mon, 5 May 2003 05:01:14 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.nectar.cc (Postfix) with ESMTP id 2894826; Mon, 5 May 2003 07:01:14 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 6714578C4A; Mon, 5 May 2003 07:01:13 -0500 (CDT) Date: Mon, 5 May 2003 07:01:13 -0500 From: "Jacques A. Vidrine" To: Mark Murray Message-ID: <20030505120113.GB21530@madman.celabo.org> References: <200305050758.h457wiEQ043565@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200305050758.h457wiEQ043565@repoman.freebsd.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.3i-ja.1 cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: NO_KERBEROS (was Re: cvs commit: src/kerberos5 ...) X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 May 2003 12:01:16 -0000 On Mon, May 05, 2003 at 12:58:44AM -0700, Mark Murray wrote: > Log: > Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra > cleanups were necessary in release/Makefile, and the tinderbox code > was syntax checked, not run checked. Hi, Mark! Thanks so much! This takes care of many issues which were bothering me. First and foremost, now we no longer have the bad situation where the Kerberos bits were installed by default, but they were not rebuilt by default during `make world'. This was leaving stale Kerberos libraries and utilities in many situations. Now the Kerberos bits are treated more like the other (in theory) `optional' components of `make world'. Getting rid of the separate Kerberos 4 and Kerberos 5 distributions makes applying fixes, regression testing, and package building significantly simpler (at least from the security-officer perspective). This also removes some misgivings I had about enabling Kerberos support in more parts of the base system --- with separate distributions, each Kerberos-enabled utility became a fork and a support issue. Binary patches (such as those occassionally issued by the SO team and those by 3rd parties such as Colin's updater) will be more widely applicable now. This should cut make release times a wee bit, since we don't have to build telnet and ssh quite so many times. (Now if we could only dispatch the `crypto' distribution :-) Finally, this brings us in line with the other BSDs (NetBSD, OpenBSD, and Mac OS X), which all have Kerberos built-in. Thanks again! Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se