MIT KRB5

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Mon, 02 Jun 2025 02:53:58 UTC
In message <7f562111-6557-464b-891c-ea0507b8a909@FreeBSD.org>, John Baldwin writes:
> On 6/1/25 21:50, Cy Schubert wrote:
> > Hi arch@,
> > 
> > I'm preparing a number of MIT KRB5 commits. Some will be reviewed, others not.
> > The commits I am planning are:
> > 
> > 1.  Import pam-krb5 (MIT compatible pam_krb5) from vendor branch. No phabricator
> >      review will be requested.
> > 
> > 2.  Import MIT KRB5 from vendor branch. No phabricator review will be requested.
> > 
> > 3.  Four patches to MIT KRB5 to allow it to build under FreeBSD. No review.
> > 
> > 4.  Hook MIT KRB5 and pam-krb5 into the build. I will request a phabricator review
> >      of this. It includes the following files:
> > 
> >          modified:   Makefile.inc1
> >          modified:   Makefile.libcompat
> >          modified:   crypto/krb5/src/lib/krb5/ccache/t_stdio.c
> >          modified:   crypto/krb5/src/lib/krb5/os/localaddr.c
> >          modified:   crypto/krb5/src/util/ss/listen.c
> >          modified:   crypto/krb5/src/util/ss/ss_internal.h
> >          modified:   crypto/openssh/krb5_config.h
> >          modified:   etc/Makefile
> >          new file:   etc/gss-mit/Makefile
> >          new file:   etc/gss-mit/mech
> >          new file:   etc/gss-mit/qop
> >          modified:   etc/mtree/BSD.include.dist
> >          modified:   etc/mtree/BSD.usr.dist
> >          new file:   krb5/Makefile
> >          new file:   krb5/Makefile.et
> >          new file:   krb5/Makefile.inc
> >          new file:   krb5/README
> >          new file:   krb5/include/Makefile
> >          new file:   krb5/include/Makefile.inc
> >          new file:   krb5/include/autoconf.h
> >          new file:   krb5/include/gssapi/Makefile
> >          new file:   krb5/include/gssrpc/Makefile
> >          new file:   krb5/include/gssrpc/types.h
> >          new file:   krb5/include/krb5/Makefile
> >          new file:   krb5/include/krb5_private/Makefile
> >          new file:   krb5/include/osconf.h
> >          new file:   krb5/lib/Makefile
> >          new file:   krb5/lib/Makefile.inc
> >          new file:   krb5/lib/apputils/Makefile
> >          new file:   krb5/lib/crypto/Makefile
> >          new file:   krb5/lib/crypto/builtin/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/aes/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/camellia/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/des/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/enc_provider/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/hash_provider/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/md4/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/md5/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/sha1/Makefile.inc
> >          new file:   krb5/lib/crypto/builtin/sha2/Makefile.inc
> >          new file:   krb5/lib/crypto/krb/Makefile.inc
> >          new file:   krb5/lib/crypto/openssl/Makefile.inc
> >          new file:   krb5/lib/crypto/openssl/des/Makefile.inc
> >          new file:   krb5/lib/crypto/openssl/enc_provider/Makefile.inc
> >          new file:   krb5/lib/crypto/openssl/hash_provider/Makefile.inc
> >          new file:   krb5/lib/gssapi/Makefile
> >          new file:   krb5/lib/gssapi/errmap.h
> >          new file:   krb5/lib/gssapi/error_map.h
> >          new file:   krb5/lib/gssapi/generic/Makefile.et
> >          new file:   krb5/lib/gssapi/generic/Makefile.inc
> >          new file:   krb5/lib/gssapi/krb5/Makefile.et
> >          new file:   krb5/lib/gssapi/krb5/Makefile.inc
> >          new file:   krb5/lib/gssapi/mechglue/Makefile.inc
> >          new file:   krb5/lib/gssapi/spnego/Makefile.inc
> >          new file:   krb5/lib/kadm5clnt/Makefile
> >          new file:   krb5/lib/kadm5clnt/clnt/Makefile.inc
> >          new file:   krb5/lib/kadm5srv/Makefile
> >          new file:   krb5/lib/kadm5srv/srv/Makefile.inc
> >          new file:   krb5/lib/kadmin_common/Makefile
> >          new file:   krb5/lib/kdb/Makefile
> >          new file:   krb5/lib/kprop_util/Makefile
> >          new file:   krb5/lib/krad/Makefile
> >          new file:   krb5/lib/krb5/Makefile
> >          new file:   krb5/lib/krb5/asn.1/Makefile.inc
> >          new file:   krb5/lib/krb5/ccache/Makefile.inc
> >          new file:   krb5/lib/krb5/docs/Makefile.inc
> >          new file:   krb5/lib/krb5/error_tables/Makefile.inc
> >          new file:   krb5/lib/krb5/keytab/Makefile.inc
> >          new file:   krb5/lib/krb5/krb/Makefile.inc
> >          new file:   krb5/lib/krb5/os/Makefile.inc
> >          new file:   krb5/lib/krb5/rcache/Makefile.inc
> >          new file:   krb5/lib/krb5/unicode/Makefile.inc
> >          new file:   krb5/lib/rpc/Makefile
> >          new file:   krb5/libexec/Makefile
> >          new file:   krb5/libexec/Makefile.inc
> >          new file:   krb5/libexec/kadmind/Makefile
> >          new file:   krb5/libexec/kdc/Makefile
> >          new file:   krb5/libexec/kprop/Makefile
> >          new file:   krb5/libexec/kpropd/Makefile
> >          new file:   krb5/libexec/kproplog/Makefile
> >          new file:   krb5/plugins/Makefile
> >          new file:   krb5/plugins/Makefile.inc
> >          new file:   krb5/plugins/audit/Makefile
> >          new file:   krb5/plugins/k5tls/Makefile
> >          new file:   krb5/plugins/kdb/Makefile
> >          new file:   krb5/plugins/kdb/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/Makefile
> >          new file:   krb5/plugins/kdb/db2/libdb2/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/libdb2/btree/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/libdb2/db/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/libdb2/hash/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/libdb2/include/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/libdb2/mpool/Makefile.inc
> >          new file:   krb5/plugins/kdb/db2/libdb2/recno/Makefile.inc
> >          new file:   krb5/plugins/preauth/Makefile
> >          new file:   krb5/plugins/preauth/Makefile.inc
> >          new file:   krb5/plugins/preauth/otp/Makefile
> >          new file:   krb5/plugins/preauth/pkinit/Makefile
> >          new file:   krb5/plugins/preauth/spake/Makefile
> >          new file:   krb5/plugins/preauth/test/Makefile
> >          new file:   krb5/usr.bin/Makefile
> >          new file:   krb5/usr.bin/Makefile.inc
> >          new file:   krb5/usr.bin/gss-client/Makefile
> >          new file:   krb5/usr.bin/kadmin/Makefile
> >          new file:   krb5/usr.bin/kdestroy/Makefile
> >          new file:   krb5/usr.bin/kinit/Makefile
> >          new file:   krb5/usr.bin/klist/Makefile
> >          new file:   krb5/usr.bin/kpasswd/Makefile
> >          new file:   krb5/usr.bin/ksu/Makefile
> >          new file:   krb5/usr.bin/kswitch/Makefile
> >          new file:   krb5/usr.bin/ktutil/Makefile
> >          new file:   krb5/usr.bin/kvno/Makefile
> >          new file:   krb5/usr.bin/sclient/Makefile
> >          new file:   krb5/usr.bin/sim_client/Makefile
> >          new file:   krb5/usr.sbin/Makefile
> >          new file:   krb5/usr.sbin/Makefile.inc
> >          new file:   krb5/usr.sbin/gss-server/Makefile
> >          new file:   krb5/usr.sbin/kadmin.local/Makefile
> >          new file:   krb5/usr.sbin/kdb5_util/Makefile
> >          new file:   krb5/usr.sbin/sim_server/Makefile
> >          new file:   krb5/usr.sbin/sserver/Makefile
> >          new file:   krb5/util/Makefile
> >          new file:   krb5/util/Makefile.inc
> >          new file:   krb5/util/build-tools/Makefile
> >          new file:   krb5/util/build-tools/krb5-config.sh
> >          new file:   krb5/util/compile_et/Makefile
> >          new file:   krb5/util/et/Makefile
> >          new file:   krb5/util/profile/Makefile
> >          new file:   krb5/util/ss/Makefile
> >          new file:   krb5/util/support/Makefile
> >          new file:   krb5/util/verto/Makefile
> >          modified:   lib/Makefile
> >          modified:   lib/libpam/modules/pam_krb5/Makefile
> >          new file:   lib/libpam/modules/pam_krb5/config.h
> >          modified:   lib/libpam/modules/pam_krb5/pam_krb5.c
> >          modified:   lib/libpam/modules/pam_ksu/Makefile
> >          modified:   lib/libpam/modules/pam_ksu/pam_ksu.c
> >          modified:   lib/libtelnet/Makefile
> >          modified:   secure/libexec/sshd-session/Makefile
> >          modified:   secure/ssh.mk
> >          modified:   share/mk/bsd.libnames.mk
> >          modified:   share/mk/src.libnames.mk
> >          modified:   share/mk/src.opts.mk
> >          modified:   tools/build/Makefile
> >          modified:   tools/build/mk/OptionalObsoleteFiles.inc
> >          new file:   tools/build/options/WITH_MITKRB5
> >          modified:   usr.bin/Makefile
> >          modified:   usr.bin/telnet/Makefile
> >          modified:   usr.sbin/gssd/Makefile
> >          modified:   usr.sbin/gssd/gssd.c
> > 
> > Does this sound reasonable?
> > 
> > I am open to and considering breaking the last commit into a number of smaller
> > commits, culminating in the actual hook of MIT KRB5 into the build. Note that it
> > will only build with the WITH_MITKRB5 defined in src.conf.
> > 
> > The src/krb5 Makefiles are structured so that they loosely follow the tree
> > structure in MIT's build. Should upstream add or remove files, it would be easier
> > for persons maintaining it to find the corresponding Makefile in our bespoke build
> > tree.
>
> My only thought was if we wanted the krb5 tree to be under secure/ rather than a new
> top-level directory?  Aside from that question, the rest of the plan seems fine to
> me.

Heimdal is in /usr/src/kerberos. This is in keeping with that. MIT KRB5 is 
large enough to have its own tree just as Heimdal is large enough to have 
its own tree.

>
> In terms of the last commit, if you think there are reasonable ways to break it up,
> that might make reviewing easier, but I'm not sure it's worth the extra work if it
> is a pain to split it up.

Part of the reason to split it up is also to "document" FreeBSD patches to 
the base software. Something that is lost when merging existing software.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0