From owner-freebsd-arch@freebsd.org Tue May 29 12:58:56 2018 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 599F3F7AB8C for ; Tue, 29 May 2018 12:58:56 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from CAN01-QB1-obe.outbound.protection.outlook.com (mail-eopbgr660072.outbound.protection.outlook.com [40.107.66.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D035068E8B; Tue, 29 May 2018 12:58:55 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from YTOPR0101MB0953.CANPRD01.PROD.OUTLOOK.COM (52.132.44.24) by YTOPR0101MB0876.CANPRD01.PROD.OUTLOOK.COM (52.132.50.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.797.11; Tue, 29 May 2018 12:58:53 +0000 Received: from YTOPR0101MB0953.CANPRD01.PROD.OUTLOOK.COM ([fe80::3108:2182:5a42:5f4]) by YTOPR0101MB0953.CANPRD01.PROD.OUTLOOK.COM ([fe80::3108:2182:5a42:5f4%13]) with mapi id 15.20.0797.017; Tue, 29 May 2018 12:58:53 +0000 From: Rick Macklem To: Sean Bruno , Cy Schubert , Benjamin Kaduk CC: freebsd-arch Subject: Re: How to update or should we update Kerberos Thread-Topic: How to update or should we update Kerberos Thread-Index: AQHT9vWfrLN1Ao0bcEmrsam5xc+PSqRGqHyAgAABQKI= Date: Tue, 29 May 2018 12:58:53 +0000 Message-ID: References: <201805290234.w4T2YZH9003991@slippy.cwsent.com>, <8e9fa53a-7455-d408-501e-461f40d44a3a@freebsd.org> In-Reply-To: <8e9fa53a-7455-d408-501e-461f40d44a3a@freebsd.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=rmacklem@uoguelph.ca; x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; YTOPR0101MB0876; 7:yR/36CtAWZKRSoTRXX83i+StqJUjHhEX5xA3VSZWWefHsUS7ipr98BO9NBy+7fO1w68/x5fg4DJI6xmaXp/Jjz82igZ0Pg75pSP+VTqBNVvfK6qoj7/wteMLen6B+loys+jnrm4gA3ICgDsY/7S15GAxo5FQBFb4xXYWZcVHgIJWDFEgk4lv4hpb9Fqq4oZopWxv7Ajjin3k7xf9uCkluJIDWqEXSfb6wdIFF4hpzYIbrLurzuh8HBUcXaECNWK2 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989080)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(8990040)(2017052603328)(7153060)(7193020); SRVR:YTOPR0101MB0876; x-ms-traffictypediagnostic: YTOPR0101MB0876: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(10201501046)(149027)(150027)(6041310)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:YTOPR0101MB0876; BCL:0; PCL:0; RULEID:; SRVR:YTOPR0101MB0876; x-forefront-prvs: 0687389FB0 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(39380400002)(39860400002)(346002)(376002)(199004)(189003)(2171002)(486006)(305945005)(106356001)(110136005)(446003)(74316002)(6246003)(25786009)(4326008)(81166006)(8936002)(105586002)(316002)(786003)(229853002)(11346002)(86362001)(97736004)(81156014)(5250100002)(2900100001)(476003)(186003)(102836004)(2906002)(9686003)(59450400001)(6436002)(14454004)(26005)(76176011)(33656002)(7696005)(3280700002)(53936002)(99286004)(6506007)(478600001)(15650500001)(8676002)(5660300001)(68736007)(3660700001)(74482002)(55016002); DIR:OUT; SFP:1101; SCL:1; SRVR:YTOPR0101MB0876; H:YTOPR0101MB0953.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: uoguelph.ca does not designate permitted sender hosts) x-microsoft-antispam-message-info: HvSFzK7q/c8Lz6SUAgsb4b3Rdk6Eu7YAPVeXBxG0qmgbfQJJgrIALsp7WLqKGTIgUm4PV7kcvZMsoIVhakv0Wmb6OMwY8iDErTH7cLQ7aK6Rno2i0opdIeDEt1yNxTb2uy9744doDuSf8LLxMrNEuudP3YRL1zOZ1q4MM0u3OAgdrtO9MBfnjfe7OUXRnkV/ spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 5302d287-45d4-4c9d-03a7-08d5c563ee34 X-OriginatorOrg: uoguelph.ca X-MS-Exchange-CrossTenant-Network-Message-Id: 5302d287-45d4-4c9d-03a7-08d5c563ee34 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 May 2018 12:58:53.0832 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTOPR0101MB0876 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 May 2018 12:58:56 -0000 Sean Bruno wrote: [stuff snipped] >Heh, yeah, I asked this question *wrong*. I know how we use it in the >cluster. :-) > >I mean to ask, "why aren't we using ports for kerberos?" What purpose >does it serve in the base system? Although I have no idea how many use it, both the NFS client and server can= do Kerberized mounts. I haven't tried, but it probably needs some bits to buil= d it and if you move it to ports, there would be duplicates (and the opportunity= to have one change without the other introducing a hard to find bug). Also, I'd argue that security technology like this is pretty "core". I am mainly referring to the libraries and client side stuff and not the KD= C. rick