Kerberos and FreeBSD

[Ansar Mohammed]

Going back on this topic, it seems that there are alot of things that
are being shipped with FreeBSD that I am not sure we need in the base
distribution.

Does anyone use portalfs?

On Fri, Feb 10, 2012 at 3:54 AM, Ansar Mohammed <ansarm at gmail.com> wrote:
> Thanks for the feedback.
> I built world and disabled Kerberos in src.conf.
>
> I will just install Heimdal via ports now.
>
> There seems to be alot of other rather old bits of software in a
> default installation. I noticed some old digiboard utility in a base
> 9.0 build.
>
> On Wed, Feb 8, 2012 at 5:41 PM, Rick Macklem <rmacklem at uoguelph.ca> wrote:
>> Benjamin Kaduk wrote:
>>> On Wed, 8 Feb 2012, Ansar Mohammed wrote:
>>>
>>> > Hello All,
>>> > Is the port of Heimdal on FreeBSD being maintained? The version that
>>> > ships with 9.0 seems a bit old.
>>> >
>>> > #> /usr/libexec/kdc-v
>>> > kdc (Heimdal 1.1.0)
>>> > Copyright 1995-2008 Kungliga Tekniska Högskolan
>>> > Send bug-reports to heimdal-bugs at h5l.org
>>>
>>> My understanding is that every five years or so, someone becomes fed
>>> up
>>> enough with the staleness of the "current" version and puts in the
>>> effort
>>> to merge in a newer version.
>>> It looks like 3 years ago, dfr brought in that Heimdal 1.1 you see, to
>>> replace the Heimdal 0.6 that nectar brought in 8 years ago.
>>> I don't know of anyone with active plans to bring in a new version, at
>>> present.
>>>
>>> -Ben Kaduk
>>>
>> I think it's a little trickier than it sounds. The Kerberos in FreeBSD
>> isn't vanilla Heimdal 1.1, but a somewhat modified variant.
>>
>> Heimdal libraries have a separate source file for each function, plus
>> a source file that defines all global storage used by functions in the
>> library.
>> One difference w.r.t. the FreeBSD variant that I am aware of is:
>> - Some of the functions were moved from one library to another. (I don't
>>  know why, but maybe it was to avoid a POLA violation which would require
>>  apps to be linked with additional libraries?)
>>  - To do this, some global variables were added to the source file in the
>>    library these functions were moved to.
>> As such, if you statically link an app. to both libraries, the global variable
>> can come up "multiply defined". (I ran into this when I was developing a "gssd"
>> prior to the one introduced as part of the kernel rpc.) You can get around this
>> by dynamically linking, being careful about the order in which the libraries are
>> specified. (The command "krb5-config --libs" helps w.r.t. this.)
>>
>> I don't know what else was changed, but I do know that it isn't as trivial as
>> replacing the sources with ones from a newer Heimdal release.
>>
>> I think it would be nice if a newer Heimdal release was brought it, with the
>> minimal changes required to make it work. (If that meant that apps. needed more
>> libraries, the make files could use "krb5-config --libs" to handle it, I think?)
>>
>> Oh, and I'm not volunteering to try and do it;-) rick
>>