From owner-freebsd-security@FreeBSD.ORG  Wed Jan 12 15:33:23 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 03FF116A4CE; Wed, 12 Jan 2005 15:33:23 +0000 (GMT)
Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 903AD43D41; Wed, 12 Jan 2005 15:33:22 +0000 (GMT)
	(envelope-from trhodes@FreeBSD.org)
Received: from mobile.pittgoth.com (64-144-75-100.client.dsl.net
	[64.144.75.100])	(authenticated bits=0)
	by pittgoth.com (8.12.10/8.12.10) with ESMTP id j0CFXKoa058882
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Wed, 12 Jan 2005 10:33:21 -0500 (EST)
	(envelope-from trhodes@FreeBSD.org)
Date: Wed, 12 Jan 2005 10:33:28 -0500
From: Tom Rhodes <trhodes@FreeBSD.org>
To: Gareth Hopkins <ghopkins@uunet.co.za>
Message-ID: <20050112103328.0c6288d3@mobile.pittgoth.com>
In-Reply-To: <20050111190043.Y49931@gabba.so.cpt1.za.uu.net>
References: <20050110190814.J49931@gabba.so.cpt1.za.uu.net>
	<41E3E6C3.7070801@kernel32.de>
	<20050111190043.Y49931@gabba.so.cpt1.za.uu.net>
X-Mailer: Sylpheed-Claws 0.9.13 (GTK+ 1.2.10; i386-portbld-freebsd5.3)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Wed, 12 Jan 2005 15:37:15 +0000
cc: freebsd-security@FreeBSD.org
cc: Jeremie Le Hen <jeremie@le-hen.org>
cc: Mark Murray <markm@FreeBSD.org>
cc: Marian Hettwer <MH@kernel32.de>
Subject: Re: MIT Kerberos and OpenSSH
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2005 15:33:23 -0000

On Tue, 11 Jan 2005 19:02:27 +0200 (SAST)
Gareth Hopkins <ghopkins@uunet.co.za> wrote:

> On Tue, 11 Jan 2005, Marian Hettwer wrote:
> 
> MH>Hej There,
> MH>
> MH>Jeremie Le Hen wrote:
> MH>> 
> MH>> 
> MH>> I'm not a buildworld guru, but I think that with NO_KERBEROS=yes,
> MH>> /usr/bin/sshd(8) will obviously NOT be linked with any krb library.
> MH>not true at all. NO_KERBEROS=yes says that heimdal kerberos shouldn't be
> MH>compiled, AFAIK.
> MH>
> MH>> IMHO, you should build OpenSSH from ports with the KERBEROS=yes knob.
> MH>> 
> MH>that's the way I would go.
> MH>However, you need to make sure that the Ports OpenSSH doesn't interfer with
> MH>the Base OpenSSH.
> 
> Howdie,
> 
> 	Thanks for the replies. The reason for setting NO_KERBEROS is I do 
> not want heimdal kerberos built, as I want to use the MIT package. 
> 
> 	There must be a way to get the base system openssh to build against
> the installed MIT port. 

Have you asked Mark Murray about this?  I think he has worked
with Kerberos in the base system.

-- 
Tom Rhodes