From owner-freebsd-stable@FreeBSD.ORG Sat Jun 4 21:00:45 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D2BB16A41C; Sat, 4 Jun 2005 21:00:45 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam.ru (gw.ipt.ru [80.253.10.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id BB8F843D1F; Sat, 4 Jun 2005 21:00:43 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam by bsam.ru with local (Exim 4.30; FreeBSD) id 1Deflu-000OeA-9R; Sun, 05 Jun 2005 01:01:34 +0400 To: Scot Hetzel References: <429D8B3B.50203@ng.fadesa.es> <29469499@srv.sem.ipt.ru> <429DE188.5020908@ng.fadesa.es> <09783236@srv.sem.ipt.ru> <429EE7D8.4050900@ng.fadesa.es> <65121725@srv.sem.ipt.ru> <42A025CA.2000107@ng.fadesa.es> <41916239@srv.sem.ipt.ru> <790a9fff05060309474f2f06eb@mail.gmail.com> <11516153@srv.sem.ipt.ru> <790a9fff0506031300756e6bda@mail.gmail.com> From: Boris Samorodov Date: Sun, 05 Jun 2005 01:01:34 +0400 In-Reply-To: <790a9fff0506031300756e6bda@mail.gmail.com> (Scot Hetzel's message of "Fri, 3 Jun 2005 15:00:56 -0500") Message-ID: <74054193@srv.sem.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: "Boris B. Samorodov" Cc: fandino@ng.fadesa.es, freebsd-stable@freebsd.org, freebsd-ports@freebsd.org Subject: Re: kadmin (heimdal port) ignores the ldap backend X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Jun 2005 21:00:45 -0000 On Fri, 3 Jun 2005 15:00:56 -0500 Scot Hetzel wrote: > On 6/3/05, Boris Samorodov wrote: > > > I believe you have to set NO_KERBEROS in /etc/make.conf. Then rebuild > > > & install the FreeBSD sources in /usr/src. Then after the > > > installworld, you'll need to go to the /usr/lib directory and > > > move/remove all libs that are older than the date of the install. > > > > > NOTE: I would also do a second installworld, after removing the > > > libraries. Just incase something was removed that wasn't supposed to > > > be removed. > > > > > Then install the KERBEROS hemidal port. > > > > Hmm. And what about kerbesized applications (i.e. sshd) from the base > > system which I'd like to use with kerberos authentication? > > > looks like you would have to install them from ports, unless you Those from ports uses MIT Kerberos 5 realization. Maybe they work with Heimdal also... > hacked the sources to use KERBEROS installed from the port. > src/secure/usr.bin/ssh/Makefile > src/lib/libtelnet/Makefile > src/lib/libpam/modules/modules.inc > NOTE: there may be others > You would have to change the files to check if the hemdial libraries > are installed: > .if (defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libkrb5.so) ) > || !defined(NO_KERBEROS) > NOTE: you may also need to set LDFLAGS+=-L${HEIMDAL_HOME}/lib > And see if it compiles. This way means applying patches every build/install world. And there is no guarantee that pathes apply well. And it is really a *hack*. I try to find a way to DTRT (do the right thing). So far I have two workarounds (may be *hacks* all together): o install heimdal from ports and change library searching path (to search /usr/local/lib before athers). Don't know if it may break something; o install heimdal from ports with LOCALBASE=/usr. The port should be reinstalled after make world. Thus neighter of them are good... WBR -- bsam