Date: Wed, 12 Jan 2005 15:24:58 -0500 From: Jeff Aitken <jaitken@aitken.com> To: freebsd-security@FreeBSD.org Subject: Re: MIT Kerberos and OpenSSH Message-ID: <20050112202458.GA4065@eagle.aitken.com> In-Reply-To: <20050112103328.0c6288d3@mobile.pittgoth.com> References: <20050110190814.J49931@gabba.so.cpt1.za.uu.net> <41E3E6C3.7070801@kernel32.de> <20050111190043.Y49931@gabba.so.cpt1.za.uu.net> <20050112103328.0c6288d3@mobile.pittgoth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 12, 2005 at 10:33:28AM -0500, Tom Rhodes wrote:
> > There must be a way to get the base system openssh to build against
> > the installed MIT port.
>
> Have you asked Mark Murray about this? I think he has worked
> with Kerberos in the base system.
On a related note, when building the krb5 port in FreeBSD-5.3, it
appears that ksu is not installed. I'm not sure I understand
fully why this is the case, but it appears that the following
lines in /usr/ports/security/krb5/Makefile:
CONFIGURE_ENV= INSTALL="${INSTALL}" YACC=/usr/bin/yacc \
CFLAGS="${CFLAGS}"
MAKE_ARGS= INSTALL="${INSTALL}"
clobber the value of INSTALL in several of the generated Makefiles.
This only appears to affect ksu because it is the only one where the
install target references INSTALL_SETUID. After running a 'make' in
the top level, this is what you get in src/clients/Makefile:
INSTALL=install
INSTALL_STRIP=
INSTALL_PROGRAM=install -s -o root -g wheel -m 555 $(INSTALL_STRIP)
INSTALL_SCRIPT=install -o root -g wheel -m 555
INSTALL_DATA=install -o root -g wheel -m 444
INSTALL_SHLIB=@INSTALL_SHLIB@
INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
Note that INSTALL_SETUID references INSTALL, which is not defined as
I would expect; I think the correct value should look like this:
INSTALL=/usr/bin/install -c -o root -g wheel
Most of the other executables that get installed seem to reference
INSTALL_PROGRAM directly.
Also interesting is that src/clients/ksu/Makefile appears to lack a
defined install-unix target. All of the other Makefiles have something
that looks like this:
install-unix::
for f in klist; do \
$(INSTALL_PROGRAM) $$f \
$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
$(INSTALL_DATA) $(srcdir)/$$f.M \
$(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
done
I don't know if this is a problem or not.
Anyway, if you remove the CONFIGURE_ENV and MAKE_ARGS definitions in
/usr/ports/security/krb5/Makefile, you get a "correct" Makefile in
src/clients/ksu:
INSTALL=/usr/bin/install -c -o root -g wheel
INSTALL_STRIP=
INSTALL_PROGRAM=install -s -o root -g wheel -m 555 $(INSTALL_STRIP)
INSTALL_SCRIPT=install -o root -g wheel -m 555
INSTALL_DATA=install -o root -g wheel -m 444
INSTALL_SHLIB=@INSTALL_SHLIB@
INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
The krb5 Makefiles are a maze of indirection so I'm not sure I have
this figured out, but figured I'd toss it out and see if anyone else
can confirm or deny.
--Jeff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050112202458.GA4065>