From owner-freebsd-arch@freebsd.org  Tue May 29 00:36:12 2018
Return-Path: <owner-freebsd-arch@freebsd.org>
Delivered-To: freebsd-arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BA73CF70DAF
 for <freebsd-arch@mailman.ysv.freebsd.org>;
 Tue, 29 May 2018 00:36:12 +0000 (UTC) (envelope-from kaduk@mit.edu)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu
 [18.9.25.12])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DAAA6C550;
 Tue, 29 May 2018 00:36:12 +0000 (UTC) (envelope-from kaduk@mit.edu)
X-AuditID: 1209190c-61fff7000000405f-16-5b0c9f46a1cb
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35])
 (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id
 0B.81.16479.64F9C0B5; Mon, 28 May 2018 20:31:02 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11])
 by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w4T0V0QC012363;
 Mon, 28 May 2018 20:31:01 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com
 [24.107.191.124]) (authenticated bits=56)
 (User authenticated as kaduk@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w4T0UvMX021327
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Mon, 28 May 2018 20:30:59 -0400
Date: Mon, 28 May 2018 19:30:57 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Sean Bruno <sbruno@freebsd.org>
Cc: freebsd-arch <freebsd-arch@freebsd.org>
Subject: Re: How to update or should we update Kerberos
Message-ID: <20180529003057.GB65175@kduck.kaduk.org>
References: <d26a370c-fad0-3340-647d-89a52520cc92@freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="jI8keyz6grp/JLjh"
Content-Disposition: inline
In-Reply-To: <d26a370c-fad0-3340-647d-89a52520cc92@freebsd.org>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 00:36:13 -0000


--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 28, 2018 at 12:49:41PM -0600, Sean Bruno wrote:
> https://github.com/heimdal/heimdal/releases
>
> Since we haven't updated Kerberos for 6 years, I'm curious why we even

cy has some WIP in projects/krb5, which at least initially was to
switch to MIT krb5 in base (but now may be more ambitious and leave
both Heimdal and MIT options).

> have it floating around in base.
>
> I'm ignorant as to what we need it for.

It's a great way to simplify the bootstrap process when setting up
new machines (in an existing realm environment), in particular, it
is used in the FreeBSD cluster.  Prior to pkgng's introduction of
signed packages, it was the only way for me to securely integrate a
new install that did not involve hand-transcribing key material or
putting it on removable media.  I think the signed-packages
situation helps somewhat, but there are definitely still cases where
it's useful to have.

On the other hand, it's also sometimes frustrating when it's
6-year-old code and I also want to be in an MIT krb5 environment.
But I hope that cy will continue with the project branch and we'll
get an update "soon".

-Ben

--jI8keyz6grp/JLjh
Content-Type: application/pgp-signature; name="signature.asc"


--jI8keyz6grp/JLjh--