From nobody Sun Oct 5 20:57:34 2025 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cfvqh579kz6Bg55 for ; Sun, 05 Oct 2025 20:57:52 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cfvqh0ZgZz3xhc for ; Sun, 05 Oct 2025 20:57:52 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=g1D4ddV9; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::533 as permitted sender) smtp.mailfrom=rick.macklem@gmail.com Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-62fca216e4aso10082650a12.0 for ; Sun, 05 Oct 2025 13:57:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759697866; x=1760302666; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=sXszF9kYJNoToZRRHUrHlV4HTL938VCE8PxYcbb+w20=; b=g1D4ddV9638atgOnSRjn/EhaDUf2R+SRcA1Rnu39KEr0zilarBUP6WU1CvLqenUlB5 xcjOqm4rY8PBv7aJfgudWxIDRpPMZHhQweYkKCKRxlT21Nvk5meNUASdotYDmp3FCVdS 2nHBiS6d5VfunxxniriILuk5IESQ8t+slFxwmnwMHXg7BD2qENh+11q49NEjYZumkLAe KC6v/ukResEwx8gpKniFRYnzzWjRKFklzoVzm5OGsTQ9QLMigFR6aBOyl38Jb6nfuoPp OQJYzQSEufalzpoEDdeZQ3RkvgP8CWPbmEYTnCXn/fmszGa3bw1JMX8mxkHWxGiiQPFC zYqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759697866; x=1760302666; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=sXszF9kYJNoToZRRHUrHlV4HTL938VCE8PxYcbb+w20=; b=ol0B3RHquShicBUphbgb2ulBgT3Uo4Ol5Yd8Czb3vTvvsAZZW0/2t/wEcHPpQ9z8fb OO0lFQQ4dX3dhFAFugjWFZwyJkS4ZekIhvq+bx/aBn7B3V75Nklbbs2ZzsyPCM88izRl BgR7b19YrWistP084kyKGo/2s2TCSlglVDIyhh/JKbrllYmJMZxi/U37yOyxwtFEhuIE pDN4/y4UEvNl6X9gAt9tDSpMJ3FRoUI0/vXXEGUCuIlv0FtrZM4XUfa3cRC0W1lrIEc2 RpZ3ecNK2erX/2EvFLJiShDv3up0NXYLX71Fuet9SAieLh3KHGvPZgzIElCmYhDoZURY eOug== X-Gm-Message-State: AOJu0Yw1p6c47gKPmX4OdkNB+o6Ji/Y0yBBLfteuUM3/2AuziMsEehFY 2jlSZlDX/6Fndj9zTv1MuMYt2xxx5gugidpiAolUtFqnM0olniq0uReFnuR69fP8xTx6srFldcv IkvdeXGlhTAzkzpXX9a4Gxc2wDmXj7OV2noE= X-Gm-Gg: ASbGncsKQiCgnA1CPfumECQ38yDWVYOC71eOwdPTeWLCAx8c5rzxAAAhnqoup/kyUbx sH+FYxunRMVnzgA+/+C+FRihfXeHwjMcJmVrhaJkU8bWyPKitx1Zl2VpULHigyZiCqUsiSaIq7T aX9IKsZvYC2UxdDcL+9vxbeDt/eg4t/YvXvN3lIwEpqsugrE0VfzWD34xFKBN6ir3BrTzdMCTSd NXZx6p1ceQBlekPZsDsyryM7YNsFzusYCEkp7ivWHEK1Wb4QTgVOmiDP73UCS+xol2QGhUn X-Google-Smtp-Source: AGHT+IHz8GyMvvQbqvbbjOx/ME0kOohpFmgge3ceFe3da0alkMKzgYWYXXZISoZtJqhKhPz9nrnQ1eI4oosoUT5AEmU= X-Received: by 2002:a05:6402:3484:b0:633:feba:4756 with SMTP id 4fb4d7f45d1cf-63904da2aa6mr11798185a12.12.1759697865694; Sun, 05 Oct 2025 13:57:45 -0700 (PDT) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 From: Rick Macklem Date: Sun, 5 Oct 2025 13:57:34 -0700 X-Gm-Features: AS18NWA9dyBZ8Go2x-5V27OxP4m1TAId3As7Mi5qj3CVfVnrHJ--poIoK6D1GvU Message-ID: Subject: RFC: Heimdal FreeBSD KDC users To: FreeBSD-STABLE Mailing List , Gleb Smirnoff , Cy Schubert Content-Type: text/plain; charset="UTF-8" X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.84 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.84)[-0.837]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TAGGED_FROM(0.00)[]; TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; MISSING_XM_UA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::533:from] X-Rspamd-Queue-Id: 4cfvqh0ZgZz3xhc Hi, I am posting to try and find out how many users are currently using the old Heimdal 1.5 KDC in FreeBSD 14.n and are interested in using the same KDC database in FreeBSD 15. I am asking because I just made a commit to main (which will soon be in stable/15) which adds support to the Heimdal code for doing a database dump in an MIT compatible format. --> The problem is that it will require a make buildworld, make installworld from sources with WITHOUT_MITKRB5="yes" set in /etc/src.conf, followed by an (re)upgrade with the default MIT Kerberos setting. (ie. no WITHOUT_MITKRB5="yes") Because the patch is rather large (commit 5000d023a446 in main) and a lot of it was a couple of cherry-picks from Heimdal 7.8, I cannot easily audit it for any security vulnerability it might have introduced. As such, I am not comfortable MFC'ng it to stable/14, although that would make the conversion path easier. So, who out there needs this Heimdal->MIT KDC database conversion? Thanks for any info, rick