From owner-freebsd-security@FreeBSD.ORG  Tue Jan 11 20:15:15 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1F7E816A4CE
	for <freebsd-security@FreeBSD.ORG>;
	Tue, 11 Jan 2005 20:15:15 +0000 (GMT)
Received: from storm.uk.FreeBSD.org (storm.uk.FreeBSD.org [194.242.157.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8C61D43D31
	for <freebsd-security@FreeBSD.ORG>;
	Tue, 11 Jan 2005 20:15:14 +0000 (GMT)
	(envelope-from mark@grondar.org)
Received: from storm.uk.FreeBSD.org (uucp@localhost [127.0.0.1])
	by storm.uk.FreeBSD.org (8.13.1/8.13.1) with ESMTP id j0BKFCIq024570;
	Tue, 11 Jan 2005 20:15:12 GMT
	(envelope-from mark@grondar.org)
Received: (from uucp@localhost)j0BKFA5t024569;
	Tue, 11 Jan 2005 20:15:10 GMT	(envelope-from mark@grondar.org)
Received: from grondar.org (localhost [127.0.0.1])
	by grovel.grondar.org (8.13.1/8.13.1) with ESMTP id j0BKAqR7072466;
	Tue, 11 Jan 2005 20:10:52 GMT
	(envelope-from mark@grondar.org)
Message-Id: <200501112010.j0BKAqR7072466@grovel.grondar.org>
X-Mailer: exmh version 2.7.0 06/18/2004 with nmh-1.0.4
To: Gareth Hopkins <gareth@za.uu.net>
From: Mark Murray <markm@FreeBSD.ORG>
In-Reply-To: Your message of "Tue, 11 Jan 2005 10:44:55 +0200."
             <20050111104421.V49931@gabba.so.cpt1.za.uu.net> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 11 Jan 2005 20:10:52 +0000
Sender: mark@grondar.org
cc: freebsd-security@FreeBSD.ORG
Subject: Re: MIT Kerberos and OpenSSH 
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2005 20:15:15 -0000

Gareth Hopkins writes:
> 
> Howdie,
> 
>  	Is there a way to get the default BSD 5.3 openssh to compile against 
> the MIT kerberos libraries? I have set NO_KERBEROS=yes in /etc/make.conf so
> that the heimdal kerberos is not built, and rebuilt world, then installed 
> /usr/ports/security/krb5 and rebuilt world again. sshd is however not being 
> built against MIT at all.

This is a very bad idea. You may get the compile to work, but you will 
then have a non-standard confuguration, and all assistance bets are off.

I'm still working your problem (sorry about the delay!) and I'll get 
back to you as soon as I have something.

Please rebuild _without_ NO_KERBEROS.

Thanks!

M
--
Mark Murray
iumop ap!sdn w,I idlaH