From owner-freebsd-security@FreeBSD.ORG  Tue Jan 11 17:02:39 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1209E16A4CE
	for <freebsd-security@freebsd.org>;
	Tue, 11 Jan 2005 17:02:39 +0000 (GMT)
Received: from mx01.uunet.co.za (mx01.uunet.co.za [196.31.48.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 98B0443D2D
	for <freebsd-security@freebsd.org>;
	Tue, 11 Jan 2005 17:02:38 +0000 (GMT)
	(envelope-from ghopkins@uunet.co.za)
Received: from [196.30.72.11] (helo=pixproxy.so.cpt1.za.uu.net)
	by mx01.uunet.co.za with esmtp (Exim 4.34; FreeBSD)
	id 1CoPPa-0008Vx-HI; Tue, 11 Jan 2005 19:02:35 +0200
Received: from gabba.so.cpt1.za.uu.net (gabba.so.cpt1.za.uu.net
	[196.30.72.25])
	by pixproxy.so.cpt1.za.uu.net (Postfix) with ESMTP id 93F4857B3;
	Tue, 11 Jan 2005 19:02:27 +0200 (SAST)
Date: Tue, 11 Jan 2005 19:02:27 +0200 (SAST)
From: Gareth Hopkins <ghopkins@uunet.co.za>
X-X-Sender: gareth@gabba.so.cpt1.za.uu.net
To: Marian Hettwer <MH@kernel32.de>
In-Reply-To: <41E3E6C3.7070801@kernel32.de>
Message-ID: <20050111190043.Y49931@gabba.so.cpt1.za.uu.net>
References: <20050110190814.J49931@gabba.so.cpt1.za.uu.net>
	<41E3E6C3.7070801@kernel32.de>
X-Cell: +27 82 929 6668
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanner: Scanned By ClamAV
X-Spam-Score: -4.9 (----)
X-Scan-Signature: fc8f8023c2a914d1e5081738c3296aec
X-Mailman-Approved-At: Wed, 12 Jan 2005 15:18:44 +0000
cc: freebsd-security@freebsd.org
cc: Jeremie Le Hen <jeremie@le-hen.org>
Subject: Re: MIT Kerberos and OpenSSH
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2005 17:02:39 -0000

On Tue, 11 Jan 2005, Marian Hettwer wrote:

MH>Hej There,
MH>
MH>Jeremie Le Hen wrote:
MH>> 
MH>> 
MH>> I'm not a buildworld guru, but I think that with NO_KERBEROS=yes,
MH>> /usr/bin/sshd(8) will obviously NOT be linked with any krb library.
MH>not true at all. NO_KERBEROS=yes says that heimdal kerberos shouldn't be
MH>compiled, AFAIK.
MH>
MH>> IMHO, you should build OpenSSH from ports with the KERBEROS=yes knob.
MH>> 
MH>that's the way I would go.
MH>However, you need to make sure that the Ports OpenSSH doesn't interfer with
MH>the Base OpenSSH.

Howdie,

	Thanks for the replies. The reason for setting NO_KERBEROS is I do 
not want heimdal kerberos built, as I want to use the MIT package. 

	There must be a way to get the base system openssh to build against
the installed MIT port. 

---
Gareth Hopkins
Server Operations
UUNET South Africa