Date: Thu, 19 Apr 2018 13:11:34 +0000 (UTC) From: Renato Botelho <garga@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r467768 - head/security/sudo Message-ID: <201804191311.w3JDBYnY088172@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: garga Date: Thu Apr 19 13:11:34 2018 New Revision: 467768 URL: https://svnweb.freebsd.org/changeset/ports/467768 Log: - Add new options to security/sudo to make it possible to build it with kerberos support. - Bump PORTREVISION PR: 225498 Submitted by: Cullum Smith <cullum@c0ffee.net> Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/security/sudo/Makefile Modified: head/security/sudo/Makefile ============================================================================== --- head/security/sudo/Makefile Thu Apr 19 13:09:58 2018 (r467767) +++ head/security/sudo/Makefile Thu Apr 19 13:11:34 2018 (r467768) @@ -3,6 +3,7 @@ PORTNAME= sudo PORTVERSION= 1.8.22 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SUDO @@ -28,8 +29,9 @@ CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ --with-long-otp-prompt OPTIONS_DEFINE= LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL \ - AUDIT OPIE NLS SSSD DOCS EXAMPLES -OPTIONS_DEFAULT= AUDIT + AUDIT OPIE PAM NLS SSSD DOCS EXAMPLES +OPTIONS_RADIO= KERBEROS +OPTIONS_DEFAULT= AUDIT PAM OPTIONS_SUB= yes INSULTS_DESC= Enable insults on failures @@ -37,9 +39,13 @@ DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo DISABLE_AUTH_DESC= Do not require authentication by default NOARGS_SHELL_DESC= Run a shell if no arguments are given AUDIT_DESC= Enable BSM audit support +KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support) OPIE_DESC= Enable one-time passwords (no PAM support) SSSD_DESC= Enable SSSD backend support. +PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin + LOGFAC?= authpriv CONFIGURE_ARGS+= --with-logfac=${LOGFAC} @@ -67,10 +73,24 @@ DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo DISABLE_AUTH_CONFIGURE_ON= --disable-authentication NOARGS_SHELL_CONFIGURE_ENABLE= noargs-shell AUDIT_CONFIGURE_WITH= bsm-audit +PAM_CONFIGURE_ON= --with-pam OPIE_CONFIGURE_ON= --with-opie -OPIE_CONFIGURE_OFF= --with-pam SSSD_CONFIGURE_ON= --with-sssd SSSD_RUN_DEPENDS= sssd:security/sssd + +OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_BASE_USES= gssapi +GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +GSSAPI_HEIMDAL_USES= gssapi:heimdal +GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +GSSAPI_MIT_USES= gssapi:mit +GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +# This is intentionally not an option. +# SUDO_KERB5_INSTANCE is an optional instance string that will be appended to kerberos +# principals when to perform authentication. Common choices are "admin" and "sudo". +.if defined(SUDO_KERB5_INSTANCE) +CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}" +.endif .include <bsd.port.options.mk>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804191311.w3JDBYnY088172>