From owner-freebsd-questions@FreeBSD.ORG Mon Jan 31 20:41:06 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7324A1065670 for ; Mon, 31 Jan 2011 20:41:06 +0000 (UTC) (envelope-from prvs=00126c72a7=kalts@estcard.ee) Received: from smtp.estcard.ee (smtp.estcard.ee [194.204.11.100]) by mx1.freebsd.org (Postfix) with ESMTP id E68268FC1A for ; Mon, 31 Jan 2011 20:41:05 +0000 (UTC) Received: from fserv.internal ([192.168.10.3]) by smtp.estcard.ee with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.73) (envelope-from ) id 1Pk0YW-0007hn-5n; Mon, 31 Jan 2011 22:41:02 +0200 Received: from myhakas.internal ([192.168.21.128]) by fserv.internal with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1Pk0YW-0003WD-3q; Mon, 31 Jan 2011 22:41:00 +0200 Received: from kalts by myhakas.internal with local (Exim 4.69) (envelope-from ) id 1Pk0YV-0005LJ-Tl; Mon, 31 Jan 2011 22:40:59 +0200 Date: Mon, 31 Jan 2011 22:40:59 +0200 From: Vallo Kallaste To: Jan Henrik Sylvester Message-ID: <20110131204059.GB17485@hape.internal> References: <20110131154759.GA17485@hape.internal> <4D46E6A8.8040408@janh.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4D46E6A8.8040408@janh.de> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: questions-list freebsd Subject: Re: FreeBSD 8.2: state of Kerberos, GSS-API and (Cyrus) SASL? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: kalts@estpak.ee List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jan 2011 20:41:06 -0000 On Mon, Jan 31, 2011 at 05:43:20PM +0100, Jan Henrik Sylvester wrote: > >cyrus-sasl2 integration with base Heimdal? With ports Heimdal? Can I > >replace base Heimdal with one from ports, is it supported? Any > >make.conf knobs to fiddle with? Any info appreciated. > > I am struggling with exactly the same problem. Unfortunately, I got > no reply on this list about it: > > http://lists.freebsd.org/pipermail/freebsd-questions/2011-January/226495.html > > If you get any further, please, tell me. I am thinking about > reposting my question to a different list: stable as that is where > the earlier discussions happened or ports as that seems more > appropriate. > > What I have not tried, yet, is using MIT Kerberos from ports instead > of Heimdal, but since we use Heimdal here for everything, I am kind > of reluctant. (Otherwise, I would have to setup some Linux > server...) > I looked around for knobs to disable building base Heimdal and other kerberised bits in hope that security/heimdal could be installed into /usr. Nothing in make.conf but I found new /etc/src.conf file, sure things have changed since 5.1 days when I left. Oh the horror days of 5.x, but I digress. Anyway, I think that by fiddling with src.conf knobs one can suppress building the base Heimdal and all other kerberised things. After one modified build and installworld the old bits lying around should be removed and Heimdal port installed into /usr by defining HEIMDAL_HOME. This is for start, clean base for further exploration. On the other hand I found the following patches in the security/heimdal commit log: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/152030 I will try that first, but this will be no-go in production because those patches aren't probably committed to -STABLE. -- Vallo