From owner-freebsd-arch@freebsd.org Tue May 29 13:04:33 2018 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC9BEF7B1FE for ; Tue, 29 May 2018 13:04:33 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4A89D6952A; Tue, 29 May 2018 13:04:32 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id NeIZfrbHLSzNNNeIbfEMgT; Tue, 29 May 2018 07:04:25 -0600 X-Authority-Analysis: v=2.3 cv=KuxjJ1eN c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=kj9zAlcOel0A:10 a=VUJBJC2UJ8kA:10 a=UqCG9HQmAAAA:8 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=w8qqzX4uBYbWuJsBrMMA:9 a=CjuIK1q_8ugA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id BDEA8742; Tue, 29 May 2018 06:04:23 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id w4TD4N8J059916; Tue, 29 May 2018 06:04:23 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id w4TD4NAr059913; Tue, 29 May 2018 06:04:23 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201805291304.w4TD4NAr059913@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.7.1 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Rick Macklem cc: Sean Bruno , Cy Schubert , Benjamin Kaduk , freebsd-arch Subject: Re: How to update or should we update Kerberos In-Reply-To: Message from Rick Macklem of "Tue, 29 May 2018 12:58:53 -0000." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 29 May 2018 06:04:23 -0700 X-CMAE-Envelope: MS4wfG17W6cTgCRslf0tC4DLXqSOpiXJJRu1Lw7f/Iy1H7DmM8dIrmAfBkJqBKvKsLa09BsgzttsIQb8uJYQWdo4adSydmKrGNOYuR2pliNDyGad8buSJnVn gpcMP9OvJKVeIBa6Y4Ad4CW0zGt9Zjo5bTSRKm112+Granr2Oh0ptS8lBoGYd6dMlIXbBZBIu7tg/H9SF+BrOGJGsTGpCrkS55ncxfdqccPyGfPTsUBV3m0o 1gW8v6hvjwX9oNt/QGN3KJdieng7hFwgiiC5HJQgl0E= X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 May 2018 13:04:34 -0000 In message , Rick Macklem writes: > Sean Bruno wrote: > [stuff snipped] > >Heh, yeah, I asked this question *wrong*. I know how we use it in the > >cluster. :-) > > > >I mean to ask, "why aren't we using ports for kerberos?" What purpose > >does it serve in the base system? > Although I have no idea how many use it, both the NFS client and server can d > o > Kerberized mounts. I haven't tried, but it probably needs some bits to build > it > and if you move it to ports, there would be duplicates (and the opportunity t > o > have one change without the other introducing a hard to find bug). > > Also, I'd argue that security technology like this is pretty "core". > > I am mainly referring to the libraries and client side stuff and not the KDC. IMO the base should only contain the libraries and client side. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.