Re: MIT KRB5
- In reply to: Cy Schubert : "MIT KRB5"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 02 Jun 2025 02:56:59 UTC
On 6/1/25 22:53, Cy Schubert wrote: > In message <7f562111-6557-464b-891c-ea0507b8a909@FreeBSD.org>, John Baldwin > wri > tes: >> On 6/1/25 21:50, Cy Schubert wrote: >>> Hi arch@, >>> >>> I'm preparing a number of MIT KRB5 commits. Some will be reviewed, others n >> ot. >>> The commits I am planning are: >>> >>> 1. Import pam-krb5 (MIT compatible pam_krb5) from vendor branch. No phabri >> cator >>> review will be requested. >>> >>> 2. Import MIT KRB5 from vendor branch. No phabricator review will be reque >> sted. >>> >>> 3. Four patches to MIT KRB5 to allow it to build under FreeBSD. No review. >>> >>> 4. Hook MIT KRB5 and pam-krb5 into the build. I will request a phabricator >> review >>> of this. It includes the following files: >>> >>> modified: Makefile.inc1 >>> modified: Makefile.libcompat >>> modified: crypto/krb5/src/lib/krb5/ccache/t_stdio.c >>> modified: crypto/krb5/src/lib/krb5/os/localaddr.c >>> modified: crypto/krb5/src/util/ss/listen.c >>> modified: crypto/krb5/src/util/ss/ss_internal.h >>> modified: crypto/openssh/krb5_config.h >>> modified: etc/Makefile >>> new file: etc/gss-mit/Makefile >>> new file: etc/gss-mit/mech >>> new file: etc/gss-mit/qop >>> modified: etc/mtree/BSD.include.dist >>> modified: etc/mtree/BSD.usr.dist >>> new file: krb5/Makefile >>> new file: krb5/Makefile.et >>> new file: krb5/Makefile.inc >>> new file: krb5/README >>> new file: krb5/include/Makefile >>> new file: krb5/include/Makefile.inc >>> new file: krb5/include/autoconf.h >>> new file: krb5/include/gssapi/Makefile >>> new file: krb5/include/gssrpc/Makefile >>> new file: krb5/include/gssrpc/types.h >>> new file: krb5/include/krb5/Makefile >>> new file: krb5/include/krb5_private/Makefile >>> new file: krb5/include/osconf.h >>> new file: krb5/lib/Makefile >>> new file: krb5/lib/Makefile.inc >>> new file: krb5/lib/apputils/Makefile >>> new file: krb5/lib/crypto/Makefile >>> new file: krb5/lib/crypto/builtin/Makefile.inc >>> new file: krb5/lib/crypto/builtin/aes/Makefile.inc >>> new file: krb5/lib/crypto/builtin/camellia/Makefile.inc >>> new file: krb5/lib/crypto/builtin/des/Makefile.inc >>> new file: krb5/lib/crypto/builtin/enc_provider/Makefile.inc >>> new file: krb5/lib/crypto/builtin/hash_provider/Makefile.inc >>> new file: krb5/lib/crypto/builtin/md4/Makefile.inc >>> new file: krb5/lib/crypto/builtin/md5/Makefile.inc >>> new file: krb5/lib/crypto/builtin/sha1/Makefile.inc >>> new file: krb5/lib/crypto/builtin/sha2/Makefile.inc >>> new file: krb5/lib/crypto/krb/Makefile.inc >>> new file: krb5/lib/crypto/openssl/Makefile.inc >>> new file: krb5/lib/crypto/openssl/des/Makefile.inc >>> new file: krb5/lib/crypto/openssl/enc_provider/Makefile.inc >>> new file: krb5/lib/crypto/openssl/hash_provider/Makefile.inc >>> new file: krb5/lib/gssapi/Makefile >>> new file: krb5/lib/gssapi/errmap.h >>> new file: krb5/lib/gssapi/error_map.h >>> new file: krb5/lib/gssapi/generic/Makefile.et >>> new file: krb5/lib/gssapi/generic/Makefile.inc >>> new file: krb5/lib/gssapi/krb5/Makefile.et >>> new file: krb5/lib/gssapi/krb5/Makefile.inc >>> new file: krb5/lib/gssapi/mechglue/Makefile.inc >>> new file: krb5/lib/gssapi/spnego/Makefile.inc >>> new file: krb5/lib/kadm5clnt/Makefile >>> new file: krb5/lib/kadm5clnt/clnt/Makefile.inc >>> new file: krb5/lib/kadm5srv/Makefile >>> new file: krb5/lib/kadm5srv/srv/Makefile.inc >>> new file: krb5/lib/kadmin_common/Makefile >>> new file: krb5/lib/kdb/Makefile >>> new file: krb5/lib/kprop_util/Makefile >>> new file: krb5/lib/krad/Makefile >>> new file: krb5/lib/krb5/Makefile >>> new file: krb5/lib/krb5/asn.1/Makefile.inc >>> new file: krb5/lib/krb5/ccache/Makefile.inc >>> new file: krb5/lib/krb5/docs/Makefile.inc >>> new file: krb5/lib/krb5/error_tables/Makefile.inc >>> new file: krb5/lib/krb5/keytab/Makefile.inc >>> new file: krb5/lib/krb5/krb/Makefile.inc >>> new file: krb5/lib/krb5/os/Makefile.inc >>> new file: krb5/lib/krb5/rcache/Makefile.inc >>> new file: krb5/lib/krb5/unicode/Makefile.inc >>> new file: krb5/lib/rpc/Makefile >>> new file: krb5/libexec/Makefile >>> new file: krb5/libexec/Makefile.inc >>> new file: krb5/libexec/kadmind/Makefile >>> new file: krb5/libexec/kdc/Makefile >>> new file: krb5/libexec/kprop/Makefile >>> new file: krb5/libexec/kpropd/Makefile >>> new file: krb5/libexec/kproplog/Makefile >>> new file: krb5/plugins/Makefile >>> new file: krb5/plugins/Makefile.inc >>> new file: krb5/plugins/audit/Makefile >>> new file: krb5/plugins/k5tls/Makefile >>> new file: krb5/plugins/kdb/Makefile >>> new file: krb5/plugins/kdb/Makefile.inc >>> new file: krb5/plugins/kdb/db2/Makefile >>> new file: krb5/plugins/kdb/db2/libdb2/Makefile.inc >>> new file: krb5/plugins/kdb/db2/libdb2/btree/Makefile.inc >>> new file: krb5/plugins/kdb/db2/libdb2/db/Makefile.inc >>> new file: krb5/plugins/kdb/db2/libdb2/hash/Makefile.inc >>> new file: krb5/plugins/kdb/db2/libdb2/include/Makefile.inc >>> new file: krb5/plugins/kdb/db2/libdb2/mpool/Makefile.inc >>> new file: krb5/plugins/kdb/db2/libdb2/recno/Makefile.inc >>> new file: krb5/plugins/preauth/Makefile >>> new file: krb5/plugins/preauth/Makefile.inc >>> new file: krb5/plugins/preauth/otp/Makefile >>> new file: krb5/plugins/preauth/pkinit/Makefile >>> new file: krb5/plugins/preauth/spake/Makefile >>> new file: krb5/plugins/preauth/test/Makefile >>> new file: krb5/usr.bin/Makefile >>> new file: krb5/usr.bin/Makefile.inc >>> new file: krb5/usr.bin/gss-client/Makefile >>> new file: krb5/usr.bin/kadmin/Makefile >>> new file: krb5/usr.bin/kdestroy/Makefile >>> new file: krb5/usr.bin/kinit/Makefile >>> new file: krb5/usr.bin/klist/Makefile >>> new file: krb5/usr.bin/kpasswd/Makefile >>> new file: krb5/usr.bin/ksu/Makefile >>> new file: krb5/usr.bin/kswitch/Makefile >>> new file: krb5/usr.bin/ktutil/Makefile >>> new file: krb5/usr.bin/kvno/Makefile >>> new file: krb5/usr.bin/sclient/Makefile >>> new file: krb5/usr.bin/sim_client/Makefile >>> new file: krb5/usr.sbin/Makefile >>> new file: krb5/usr.sbin/Makefile.inc >>> new file: krb5/usr.sbin/gss-server/Makefile >>> new file: krb5/usr.sbin/kadmin.local/Makefile >>> new file: krb5/usr.sbin/kdb5_util/Makefile >>> new file: krb5/usr.sbin/sim_server/Makefile >>> new file: krb5/usr.sbin/sserver/Makefile >>> new file: krb5/util/Makefile >>> new file: krb5/util/Makefile.inc >>> new file: krb5/util/build-tools/Makefile >>> new file: krb5/util/build-tools/krb5-config.sh >>> new file: krb5/util/compile_et/Makefile >>> new file: krb5/util/et/Makefile >>> new file: krb5/util/profile/Makefile >>> new file: krb5/util/ss/Makefile >>> new file: krb5/util/support/Makefile >>> new file: krb5/util/verto/Makefile >>> modified: lib/Makefile >>> modified: lib/libpam/modules/pam_krb5/Makefile >>> new file: lib/libpam/modules/pam_krb5/config.h >>> modified: lib/libpam/modules/pam_krb5/pam_krb5.c >>> modified: lib/libpam/modules/pam_ksu/Makefile >>> modified: lib/libpam/modules/pam_ksu/pam_ksu.c >>> modified: lib/libtelnet/Makefile >>> modified: secure/libexec/sshd-session/Makefile >>> modified: secure/ssh.mk >>> modified: share/mk/bsd.libnames.mk >>> modified: share/mk/src.libnames.mk >>> modified: share/mk/src.opts.mk >>> modified: tools/build/Makefile >>> modified: tools/build/mk/OptionalObsoleteFiles.inc >>> new file: tools/build/options/WITH_MITKRB5 >>> modified: usr.bin/Makefile >>> modified: usr.bin/telnet/Makefile >>> modified: usr.sbin/gssd/Makefile >>> modified: usr.sbin/gssd/gssd.c >>> >>> Does this sound reasonable? >>> >>> I am open to and considering breaking the last commit into a number of smal >> ler >>> commits, culminating in the actual hook of MIT KRB5 into the build. Note th >> at it >>> will only build with the WITH_MITKRB5 defined in src.conf. >>> >>> The src/krb5 Makefiles are structured so that they loosely follow the tree >>> structure in MIT's build. Should upstream add or remove files, it would be >> easier >>> for persons maintaining it to find the corresponding Makefile in our bespok >> e build >>> tree. >> >> My only thought was if we wanted the krb5 tree to be under secure/ rather tha >> n a new >> top-level directory? Aside from that question, the rest of the plan seems fi >> ne to >> me. > > Heimdal is in /usr/src/kerberos. This is in keeping with that. MIT KRB5 is > large enough to have its own tree just as Heimdal is large enough to have > its own tree. Huh, I had assumed it was buried under secure, but I guess not. I'm fine with krb5/ then. -- John Baldwin