From owner-freebsd-security@FreeBSD.ORG  Wed Jan 12 08:41:50 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5039F16A4CE
	for <freebsd-security@freebsd.org>;
	Wed, 12 Jan 2005 08:41:50 +0000 (GMT)
Received: from mx01.uunet.co.za (mx01.uunet.co.za [196.31.48.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 559AE43D2F
	for <freebsd-security@freebsd.org>;
	Wed, 12 Jan 2005 08:41:49 +0000 (GMT)
	(envelope-from gareth@za.uu.net)
Received: from [196.30.72.11] (helo=pixproxy.so.cpt1.za.uu.net)
	by mx01.uunet.co.za with esmtp (Exim 4.34; FreeBSD)
	id 1Coe4T-000LZd-2w; Wed, 12 Jan 2005 10:41:45 +0200
Received: from gabba.so.cpt1.za.uu.net (gabba.so.cpt1.za.uu.net
	[196.30.72.25])
	by pixproxy.so.cpt1.za.uu.net (Postfix) with ESMTP id 9407757AC;
	Wed, 12 Jan 2005 10:41:40 +0200 (SAST)
Date: Wed, 12 Jan 2005 10:41:40 +0200 (SAST)
From: Gareth Hopkins <gareth@za.uu.net>
X-X-Sender: gareth@gabba.so.cpt1.za.uu.net
To: Jeremie Le Hen <jeremie@le-hen.org>
In-Reply-To: <20050111205640.GL686@obiwan.tataz.chchile.org>
Message-ID: <20050112103938.K49931@gabba.so.cpt1.za.uu.net>
References: <20050110190814.J49931@gabba.so.cpt1.za.uu.net>
	<41E3E6C3.7070801@kernel32.de>
	<20050111205640.GL686@obiwan.tataz.chchile.org>
X-Cell: +27 82 929 6668
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanner: Scanned By ClamAV
X-Spam-Score: -4.9 (----)
X-Scan-Signature: 1a007ac50ac15387d5378093bd6068b5
cc: freebsd-security@freebsd.org
Subject: Re: MIT Kerberos and OpenSSH
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2005 08:41:50 -0000

On Tue, 11 Jan 2005, Jeremie Le Hen wrote:

JLH>> 	Thanks for the replies. The reason for setting NO_KERBEROS is I do 
JLH>> not want heimdal kerberos built, as I want to use the MIT package. 
JLH>> 
JLH>> 	There must be a way to get the base system openssh to build against
JLH>> the installed MIT port. 
JLH>
JLH>Please, look at Curry Searle's post.  As you can see, there is a
JLH>KRB5_HOME knob in make.conf(5).  Setting it to "/usr/local" will surely
JLH>do the trick.

Howdie,

	It looks like most of those kerberos options are no longer valid 
in BSD 5.x. Everything works fine on BSD 4.10 with the KERBEROS options 
set. 
	
	Will play a little more today with the 5.3 installation. 

	Any other info would be greatly appreciated :) 

---
Gareth Hopkins
Server Operations
UUNET South Africa