From nobody Mon Jul 28 03:26:03 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4br3mC6rFsz63T1V; Mon, 28 Jul 2025 03:26:19 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4br3mB6l8Qz3rx9; Mon, 28 Jul 2025 03:26:18 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=lmR5KZ46; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::62c as permitted sender) smtp.mailfrom=rick.macklem@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-ae0c571f137so756180966b.0; Sun, 27 Jul 2025 20:26:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1753673176; x=1754277976; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=c1H9Ih+KAkk2kX3rl72F8y7LaWROU3bZPzGMp1wMGEk=; b=lmR5KZ46ycg4uPk+ehTBV7NYvYT168P8fUA4UZ7D8O0PNubbyDdVoA3p6fQQNU2045 vBl5V7f/B6P1BoQhdq3FVjDfU5VcmlfOEIn01YMKq2saJH0QvWC+D9pmhPTaHwoovK4x Vc9vErjn1RbTIO9AdasfLz6Kqn3/q7nB9P3Xgs2JDhxjq/13vltdBK9/C2cAtANd4x57 MOeFFphU9n09pS848CoS1JzvSZiTt6yXyoxyif+MYcdigEWZWkN2w5cA+BJK/B0J/jBj vzuw8arUbwo0Hisx1engIC9zC2DZ66fmbMnvzSYWdW08jLDod1v45hnd8j68184/X8jX UnvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753673176; x=1754277976; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=c1H9Ih+KAkk2kX3rl72F8y7LaWROU3bZPzGMp1wMGEk=; b=eNlhagraTGEIFtDwvur1hooSMoe2EVDNKiafH3ihJKi3bRIV0NhB+uPsOtlXbWRp5z FipbYe1w6skFfyS0DaFbbcgDZg6MS/z3ATZJPgT1gj89XnAft0CPxOHxtXbVq7bh1rfN sSLFVPltoE9EyjmMyrsKlf0XolwAXSz4eYFHlPDV6xe4xtlNsT+2+eEgquX7KLxXrzPd dEUVM5Ltyi1l9LHB4+CbBOQJCzAHGMvFBkjXJxrrUcZPq6aWcUsKo9qnT38BO5RDvkbg uPY6Zs2m9v7KzqZgotIuh7BbKBD6bvBkJ3Cm2NXl3YqeH2jHzyixB5lFoEnJeHnv74fq q8fw== X-Forwarded-Encrypted: i=1; AJvYcCVFgpn/kLi64jOlmHNkHxXXTvCHl+LsT1o2Gt1o+fUCuNyEG/IzYmODwka4sOCpTuFYCbNh2cpRfdiZCi5AfEbbid4v8Iw=@freebsd.org, AJvYcCVWgJ82SD42UH0C94Va6wCDKqgEkRqNaZGSEU9Bg3wkWxU+epc93wb1/zsjrqkNM9ju+5ONF6AXFkvIcs2c8NvdzHB7OQ==@freebsd.org, AJvYcCXHt9LkM6pTQyfSdtEBlgcCGM7AOpwYREU6iA+/tw99T+NndxoyDUfWYGvM+t/YM34+6PMWawMHm6IvcjoSw0U=@freebsd.org, AJvYcCXSNN7yH+/3c3QU0yPX4/hQ8sgE17D3JxDsS4Q4z1S0qOn9hSj4nsPwjo5AA8acEbmcTQ==@freebsd.org, AJvYcCXaPZfbfi0fuhBmiiC6pWUnj+ixP7pI9lkdzTbnWxMlqCs60f4+WRijQe7ms4ahWzYgB1eNZjsF@freebsd.org X-Gm-Message-State: AOJu0YzPEuTV8hPmTq9lbgbUX1HAr1s25AL6Jv95dh6SgYb8K30LMULY Wrktndjvgtwm5nAHkf7a8X+ELjzmfiChd82DRtdHh6c2RRKjOSntyLvYmghchjI/2A0Nr9lgrWM Ugv7WOshqcpPhd8L7NZABIJ88t3SjeQ== X-Gm-Gg: ASbGncswlOCtbnV+h2W4um1momfHhh+j4OFJD5Cvf7KeK6cvXrbl7oI0oYD9WWk7CBT tumS0Ak/wcKL41uZ9LHyLIQRgslo/yahGiKgDkDnRkqoe/a1OaPANN2L4WxNKIWe7mzDlLhzVWj gTC6dJkJ8BzqWF59KqvtHM5+JajaU2g0RVTY8IGgNOpxPGrfsdUpq+UmwQMOyP5xnui4kemfh7p kM/a+zq8AdjRjDa8v4kBHHu/y9I+siPTY3haQ== X-Google-Smtp-Source: AGHT+IHuo9AquuB8cAylU68dD5EFkB4IJCFUDdrt0g7X7a5SXavndElGxlgsTlH2vBljPsDNXGvKk6abB6/sg9nPJiw= X-Received: by 2002:a17:906:9fd2:b0:af1:1dfd:30f4 with SMTP id a640c23a62f3a-af619b0f686mr1019371166b.47.1753673176043; Sun, 27 Jul 2025 20:26:16 -0700 (PDT) List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 References: <202507211410.56LEAD6J066633@gitrepo.freebsd.org> <47C3CC37-6F32-4376-900A-B5387B9817D5@freebsd.org> <20250721144645.3BA391BE@slippy.cwsent.com> <20250722155941.AC7EB121@slippy.cwsent.com> In-Reply-To: <20250722155941.AC7EB121@slippy.cwsent.com> From: Rick Macklem Date: Sun, 27 Jul 2025 20:26:03 -0700 X-Gm-Features: Ac12FXwdU5J8UHBsziy22fnlEBhZ0VCKYBVB8IS2Op1ZJ5rw2vsmV3g9oR6rMYg Message-ID: Subject: Re: git: c7da9fb90b0b - main - KRB5: Enable MIT KRB5 by default To: Cy Schubert Cc: Konstantin Belousov , Jessica Clarke , Cy Schubert , "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_LONG(-0.99)[-0.992]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; TAGGED_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TO_DN_EQ_ADDR_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_SOME(0.00)[]; FREEMAIL_CC(0.00)[gmail.com,freebsd.org]; MISSING_XM_UA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MLMMJ_DEST(0.00)[dev-commits-src-all@freebsd.org,dev-commits-src-main@freebsd.org]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::62c:from] X-Rspamd-Queue-Id: 4br3mB6l8Qz3rx9 X-Spamd-Bar: --- On Tue, Jul 22, 2025 at 9:00=E2=80=AFAM Cy Schubert wrote: > > CAUTION: This email originated from outside of the University of Guelph. = Do not click links or open attachments unless you recognize the sender and = know the content is safe. If in doubt, forward suspicious emails to IThelp@= uoguelph.ca. > > In message , Konstantin Belousov writes: > > On Mon, Jul 21, 2025 at 07:46:45AM -0700, Cy Schubert wrote: > > > In message <47C3CC37-6F32-4376-900A-B5387B9817D5@freebsd.org>, Jessic= a > > > Clarke w > > > rites: > > > > On 21 Jul 2025, at 15:10, Cy Schubert wrote: > > > > >=3D20 > > > > > The branch main has been updated by cy: > > > > >=3D20 > > > > > URL: =3D > > > > https://cgit.FreeBSD.org/src/commit/?id=3D3Dc7da9fb90b0b6385e99bb77= 47476359 > > b=3D > > > > 712993fa > > > > >=3D20 > > > > > commit c7da9fb90b0b6385e99bb7747476359b712993fa > > > > > Author: Cy Schubert > > > > > AuthorDate: 2025-07-19 14:11:18 +0000 > > > > > Commit: Cy Schubert > > > > > CommitDate: 2025-07-21 14:07:22 +0000 > > > > >=3D20 > > > > > KRB5: Enable MIT KRB5 by default > > > > >=3D20 > > > > > Set WITH_MITKRB5=3D3Dyes as the default. > > > > >=3D20 > > > > > Rebuild all USES=3D3Dgssapi ports is recommended. > > > > >=3D20 > > > > > A clean buildworld is required. > > > > > > > > That=3DE2=3D80=3D99s going to be quite annoying and cause a lot of = issues =3D > > > > given > > > > WITH_CLEAN is now the default. Can we do something in depend-cleanu= p.sh > > > > to delete everything from the obj tree that needs to be rebuilt if = we > > > > detect the wrong kerberos implementation was previously built? > > > > > > All binaries that depend on any kerberos libraries must be rebuilt. > > > WITHOUT_CLEAN will fail at various spots. Meta mode should take care = of > > > this for us. > > Does the statement mean that ABI for the base libraries was broken? > > If yes, and the new libs have the same name as the old, we must bump > > dso versions. > > Three new libs have the same names. Most don't. The three with the same > names are libkrb5, libgssapi_krb5 and libcom_err. > > libgssapi_krb5 is a merge of the Heimdal libgssapi_* files. For example, > there is no libgssapi_spnego in MIT. > > The libcom_err contains the same but updated MIT functions. > > libkrb5 removes Heimdal-only functions. > > There is no libasn1 nor libroken in MIT. > > The differences are outlined at https://k5wiki.kerberos.org/wiki/Samba%27= s_u > se_of_Heimdal_symbols,_with_MIT_differences. I know diddly about how libraries are handled, but is it possible to put th= e old Heimdal 1.5.2 libraries somewhere (semi-private) under different names? I ask because it is going to be very difficult to port the gssd to the new libraries. The problem is that the KGSSAPI code assumes some stuff very specific to Heimdal. Take a look at sys/kgssapi/krb5/krb5_mech.c and you'll see what I mean. (There's code that parses the keys etc out of the internally generated tokens. I have no idea where to even find the information on how/where the MIT code hides this stuff and it a large part of krb5_mech.c looks like it will have to be re-written to work with the MIT libraries.) rick > > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: https://FreeBSD.org > NTP: Web: https://nwtime.org > > e**(i*pi)+1=3D0 > >