Date: Tue, 02 Apr 2024 20:01:14 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 277650] Remove supporting linking against Heimdal from base (GSSAPI_BASE) Message-ID: <bug-277650-7788-L6REjLhrmT@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-277650-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-277650-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277650 --- Comment #11 from Siva Mahadevan <me@svmhdvn.name> --- Then why not build security/openssh-portable from ports and set the GSSAPI option there? What are the clear advantages of having kerberos included in = base and forcing GSSAPI support to be enabled in base-provided sshd? Additionall= y, aren't current users who depend on base-provided Kerberos subject to any possible CVEs that have affected Heimdal in base (or MIT krb5 once that gets hypothetically included into base) since 12 years ago? Heimdal and MIT krb5= are up-to-date in the ports collection right now. I agree that kerberos support in sshd is great, since I use it in my own servers as well. But since I build my own private poudriere repo, I'm able = to quite easily select the latest (with all security patches included) GSSAPI provider from ports and use that to build ports-provided sshd with GSSAPI enabled. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277650-7788-L6REjLhrmT>