Date: Thu, 19 Apr 2018 08:31:24 -0700
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Renato Botelho <garga@FreeBSD.org>, "ports-committers@freebsd.org" <ports-committers@freebsd.org>, "svn-ports-all@freebsd.org" <svn-ports-all@freebsd.org>, "svn-ports-head@freebsd.org" <svn-ports-head@freebsd.org>
Subject: RE: svn commit: r467768 - head/security/sudo
Message-ID: <20180419153120.1EDF7C2E@spqr.komquats.com>

You can already use sudo with Kerberos through pam.

---
Sent using a tiny phone keyboard.
Apologies for any typos and autocorrect.
Also, this old phone only supports top post. Apologies.

Cy Schubert
<Cy.Schubert@cschubert.com> or <cy@freebsd.org>
The need of the many outweighs the greed of the few.
---

-----Original Message-----
From: Renato Botelho
Sent: 19/04/2018 06:11
To: ports-committers@freebsd.org; svn-ports-all@freebsd.org; svn-ports-head@freebsd.org
Subject: svn commit: r467768 - head/security/sudo

Author: garga
Date: Thu Apr 19 13:11:34 2018
New Revision: 467768
URL: https://svnweb.freebsd.org/changeset/ports/467768

Log:
  - Add new options to security/sudo to make it possible to build it with
    kerberos support.
  - Bump PORTREVISION

  PR: 225498
  Submitted by: Cullum Smith <cullum@c0ffee.net>
  Sponsored by: Rubicon Communications, LLC (Netgate)

Modified: head/security/sudo/Makefile

Modified: head/security/sudo/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- head/security/sudo/Makefile Thu Apr 19 13:09:58 2018 (r467767) +++ head/security/sudo/Makefile Thu Apr 19 13:11:34 2018 (r467768) @@ -3,6 +3,7 @@ =20 PORTNAME=3D sudo PORTVERSION=3D 1.8.22 +PORTREVISION=3D 1 CATEGORIES=3D security MASTER_SITES=3D SUDO =20 @@ -28,8 +29,9 @@ CONFIGURE_ARGS=3D --sysconfdir=3D${PREFIX}/etc \ --with-long-otp-prompt =20 OPTIONS_DEFINE=3D LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL= \ - AUDIT OPIE NLS SSSD DOCS EXAMPLES -OPTIONS_DEFAULT=3D AUDIT + AUDIT OPIE PAM NLS SSSD DOCS EXAMPLES +OPTIONS_RADIO=3D KERBEROS +OPTIONS_DEFAULT=3D AUDIT PAM OPTIONS_SUB=3D yes =20 INSULTS_DESC=3D Enable insults on failures 
@@ -37,9 +39,13 @@ DISABLE_ROOT_SUDO_DESC=3D Do not allow root to run sudo DISABLE_AUTH_DESC=3D Do not require authentication by default NOARGS_SHELL_DESC=3D Run a shell if no arguments are given AUDIT_DESC=3D Enable BSM audit support +KERBEROS_DESC=3D Enable Kerberos 5 authentication (no PAM support) OPIE_DESC=3D Enable one-time passwords (no PAM support) SSSD_DESC=3D Enable SSSD backend support. =20 +PAM_PREVENTS=3D OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +PAM_PREVENTS_MSG=3D PAM cannot be combined with any other authentication p= lugin + LOGFAC?=3D authpriv CONFIGURE_ARGS+=3D --with-logfac=3D${LOGFAC} =20 @@ -67,10 +73,24 @@ DISABLE_ROOT_SUDO_CONFIGURE_ON=3D --disable-root-sudo DISABLE_AUTH_CONFIGURE_ON=3D --disable-authentication NOARGS_SHELL_CONFIGURE_ENABLE=3D noargs-shell AUDIT_CONFIGURE_WITH=3D bsm-audit +PAM_CONFIGURE_ON=3D --with-pam OPIE_CONFIGURE_ON=3D --with-opie -OPIE_CONFIGURE_OFF=3D --with-pam SSSD_CONFIGURE_ON=3D --with-sssd SSSD_RUN_DEPENDS=3D sssd:security/sssd + +OPTIONS_RADIO_KERBEROS=3D GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_BASE_USES=3D gssapi +GSSAPI_BASE_CONFIGURE_ON=3D --with-kerb5=3D${GSSAPIBASEDIR} ${GSSAPI_CONFI= GURE_ARGS} +GSSAPI_HEIMDAL_USES=3D gssapi:heimdal +GSSAPI_HEIMDAL_CONFIGURE_ON=3D --with-kerb5=3D${GSSAPIBASEDIR} ${GSSAPI_CO= NFIGURE_ARGS} +GSSAPI_MIT_USES=3D gssapi:mit +GSSAPI_MIT_CONFIGURE_ON=3D --with-kerb5=3D${GSSAPIBASEDIR} ${GSSAPI_CONFIG= URE_ARGS} +# This is intentionally not an option. +# SUDO_KERB5_INSTANCE is an optional instance string that will be appended= to kerberos +# principals when to perform authentication. Common choices are "admin" an= d "sudo". +.if defined(SUDO_KERB5_INSTANCE) +CONFIGURE_ARGS+=3D --enable-kerb5-instance=3D"${SUDO_KERB5_INSTANCE}" +.endif =20 .include <bsd.port.options.mk> =20
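
Review bot: In the hunk at @@ -37,9 +39,13 @@, PAM_PREVENTS lists OPIE while the preceding hunk adds PAM to OPTIONS_DEFAULT, so a configuration with OPIE selected can no longer build unless PAM is also switched off. Before this change the OPIE case needed no second step, because --with-pam was only passed through OPIE_CONFIGURE_OFF. The same applies to anyone picking a GSSAPI_* choice: the default PAM setting has to be cleared first. A line in UPDATING or in the commit log telling OPIE and Kerberos users to deselect PAM would help, and KERBEROS_DESC could say "requires PAM to be disabled" instead of "(no PAM support)", since the combination is an error, not a silent fallback.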
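
Review bot: In the hunk at @@ -67,10 +73,24 @@, the .if defined(SUDO_KERB5_INSTANCE) block appends --enable-kerb5-instance whether or not one of the GSSAPI_* choices is selected, so the flag can reach configure in a PAM or OPIE build. Consider applying it only when a Kerberos choice is on, which means testing PORT_OPTIONS after the .include <bsd.port.options.mk> line. In the same hunk, PAM_CONFIGURE_ON= --with-pam replaces OPIE_CONFIGURE_OFF= --with-pam, so a build with PAM, OPIE and Kerberos all off passes no authentication flag and leaves the choice of backend to configure's default; PAM_CONFIGURE_WITH= pam, in the style of the AUDIT_CONFIGURE_WITH line above it, would make both states explicit. The new comment also reads "when to perform authentication", which should be "when performing authentication".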