From nobody Tue Aug 05 16:25:45 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bxJgw6M2Kz63QVq for ; Tue, 05 Aug 2025 16:25:48 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta003.cacentral1.a.cloudfilter.net (omta001.cacentral1.a.cloudfilter.net [3.97.99.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bxJgv6b2Qz3VyD for ; Tue, 05 Aug 2025 16:25:47 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of cy.schubert@cschubert.com designates 3.97.99.32 as permitted sender) smtp.mailfrom=cy.schubert@cschubert.com; dmarc=permerror reason="p tag has invalid value: quarantine rua=mailto:p[ostmaster@cschubert.com" header.from=cschubert.com (policy=permerror) Received: from shw-obgw-4002a.ext.cloudfilter.net ([10.228.9.250]) by cmsmtp with ESMTPS id jEgnuVdbf9JM2jKTzuVJCf; Tue, 05 Aug 2025 16:25:47 +0000 Received: from spqr.komquats.com ([70.66.136.217]) by cmsmtp with ESMTPSA id jKTxun7aDl5eGjKTyutDgp; Tue, 05 Aug 2025 16:25:47 +0000 X-Auth-User: cschuber X-Authority-Analysis: v=2.4 cv=EO6l0EZC c=1 sm=1 tr=0 ts=6892308b a=h7br+8Ma+Xn9xscxy5znUg==:117 a=h7br+8Ma+Xn9xscxy5znUg==:17 a=kj9zAlcOel0A:10 a=2OwXVqhp2XgA:10 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=YxBL1-UpAAAA:8 a=3-BciU1GIfA2-A0rfPwA:9 a=CjuIK1q_8ugA:10 a=LK5xJRSDVpKd5WXXoEvA:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy.cwsent.com [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 854A636C; Tue, 05 Aug 2025 09:25:45 -0700 (PDT) Received: by slippy.cwsent.com (Postfix, from userid 1000) id 7EAF1C6; Tue, 05 Aug 2025 09:25:45 -0700 (PDT) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Rick Macklem cc: FreeBSD CURRENT Subject: Re: RFC: MIT kerberos and the gssd in main In-reply-to: References: Comments: In-reply-to Rick Macklem message dated "Sat, 02 Aug 2025 16:17:11 -0700." List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 05 Aug 2025 09:25:45 -0700 Message-Id: <20250805162545.7EAF1C6@slippy.cwsent.com> X-CMAE-Envelope: MS4xfLyq81GvAI6PyTVdba4HAOFZq0sptsgesRmsJgOizR6fyv4Ekgf6xbGTnzzY27HpcScheq0y5QqkMTwbGdFUZenwdayqZZ8QHnmVcN2LUw+x7GgsLBG6 sXAmzus57gE6mbtcdTls1eEN+GGd2RF6zErIN7XPid8eckZMOuvnNgmPZaf+UsWCZxvVdwvU6EFmQ+vRb5FP51vEY3XAgqzGA2NdgJXaEhY4GTKrAcY8SPVc 3i/wsHJgbeIKi8Xn6YNinw== X-Spamd-Result: default: False [-3.30 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; MV_CASE(0.50)[]; RWL_MAILSPIKE_EXCELLENT(-0.40)[3.97.99.32:from]; R_SPF_ALLOW(-0.20)[+ip4:3.97.99.32/31]; RCVD_IN_DNSWL_LOW(-0.10)[3.97.99.32:from]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_DN_ALL(0.00)[]; DMARC_BAD_POLICY(0.00)[cschubert.com : p tag has invalid value: quarantine rua=mailto:p[ostmaster@cschubert.com]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; TAGGED_RCPT(0.00)[]; REPLYTO_EQ_FROM(0.00)[] X-Rspamd-Queue-Id: 4bxJgv6b2Qz3VyD X-Spamd-Bar: --- In message , Rick Macklem writes: > Hi, > > I've lost track of the discussions (or even where they are > taking place, so I am going to post here and hope the > discussion stays here. > > My personal preference (feel free to discuss this) is that, > when MK_MITKRB5 == "yes" for the buildworld/installworld.. > - The .h files under /usr/include are exactly the same ones that > "pkg install krb5" generates and under the exact same names. > (No Heimdal .h files under /usr/include and no renaming or > putting them in a different subdir.) > - The libraries under /usr/lib are exactly the same ones that > "pkg install krb5" generates and under the exact same names. D51661 fixes this. It removes libgssapi.so, keeping libgssapi_krb5.so as we see on Linux systems with MIT KRB5 installed and as port installs them. > I think this will minimize confusion. Yes, anything that links to > libgssapi will need to be fixed (Makefile plus ???) since there > is no such library for MIT, but at least people will see what needs > to be fixed. (There are a lot of places where code knows where > MIT puts .h files and which MIT kerberos library names are used.) This is the reason for D51661. > > However (and this is the more important part for me), I'd like > a resolution w.r.t.what file names and where they go soon, so > I can get a patch for gssd.c needed to make it work for MIT > straightened out. > > I do now have code that works when linked to the libraries > in /usr/local/lib, using the MIT kerberos .h files. > > Thanks for any comments, rick > ps: Unless someone complains about doing so, I intend to > tweak /usr/src/usr.sbin/Makefile so that it only builds the > gssd when both MK_GSSAPI and MK_KERBEROS_SUPPORT > are not "no". This allows me to get rid of the cruft in gssd.c > that makes it build for the MK_KERBEROS_SUPPORT == "no" > case, since it won't do anything useful without kerberos anyhow. > All of the above are addressed/fixed by D51661. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e**(i*pi)+1=0