From owner-freebsd-current@FreeBSD.ORG Wed Jan 28 19:50:51 2009 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EBAAA106567D for ; Wed, 28 Jan 2009 19:50:51 +0000 (UTC) (envelope-from gtodd@bellanet.org) Received: from smtp116.rog.mail.re2.yahoo.com (smtp116.rog.mail.re2.yahoo.com [68.142.225.232]) by mx1.freebsd.org (Postfix) with SMTP id 7DE6E8FC18 for ; Wed, 28 Jan 2009 19:50:51 +0000 (UTC) (envelope-from gtodd@bellanet.org) Received: (qmail 2688 invoked from network); 28 Jan 2009 19:24:09 -0000 Received: from unknown (HELO wawanesa.iciti.ca) (gtodd@99.246.4.156 with login) by smtp116.rog.mail.re2.yahoo.com with SMTP; 28 Jan 2009 19:24:08 -0000 X-YMail-OSG: 09pf7xAVM1kP62eL21FyhFns6XDddQrFN921kUt4QZWmADoAB12qG8xTkJdbpHb.1g-- X-Yahoo-Newman-Property: ymail-3 Received: from wawanesa.iciti.ca (wawanesa.iciti.ca [192.168.2.4]) by wawanesa.iciti.ca (Postfix) with ESMTP id 1BCA987; Wed, 28 Jan 2009 14:24:09 -0500 (EST) Message-ID: <4980B0D8.9010506@bellanet.org> Date: Wed, 28 Jan 2009 14:24:08 -0500 From: Graham Todd User-Agent: Thunderbird 2.0.0.19 (X11/20090116) MIME-Version: 1.0 To: current@freebsd.org References: <20090122121750.GA14657@sr.se> In-Reply-To: <20090122121750.GA14657@sr.se> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: cy@FreeBSD.org, Gunnar Flygt , shaun@FreeBSD.org Subject: Re: Backporting of Heimdal 1.1 to 7.* X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2009 19:50:52 -0000 Gunnar Flygt wrote: > Is there any possibility that heimdal 1.1 that works beautifully in > Current will be backported to FreeBSD-7.x? What if the port was updated to 1.1 to match base in CURRENT or to 1.2.1 for testing? :-) Upstream heimdal is at 1.2.1 but I think there is some pthread trickiness involved in getting it to compile (does anyone know what is missing there?) For 1.1 you can change the values in the distinfo and Makefile in the current port (which is at 1.0.1) and build a new 1.1 package to use on 7.*. The rc script from the version in ports could use modernizing to make more use of rc.subr magic, but things seem to work. If you use PAM with kerberos I think the pam_krb5 in base and in ports is behind the upstream version as well. Russ Allbery maintains pam-krb5 at: http://www.eyrie.org/~eagle/software/pam-krb5/ - it has some options that could be useful for newer kerberos like: try_pkinit, etc. I don't know if much testing of these various new bits has been done on FreeBSD. I believe the pam_krb5 folks are working on some tools that will help people do simple tests before upgrades and the like. > Please CC me since I'm only subscribed to stable, not current. I've cc'ed the maintainers of pam-krb5 and heimdal too :) > Gunnar Flygt > Sveriges Radio Teknik/IT