[Bug 247940] Introduce gssapi=.. in DEFAULT_VERSIONS like for ssl=...

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 06 Jan 2024 00:33:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247940

--- Comment #12 from Siva Mahadevan <me@svmhdvn.name> ---
Adding to this discussion due to a new issue that comes up with the move to
OpenSSL 3 in FreeBSD 14.

I use heimdal as my preferred Kerberos implementation. Heimdal upstream hasn't
seen a release in a while (current version is 7.8), and heimdal-devel (tracking
git HEAD) fixes a bunch of issues related to OpenSSL 3 support. I'd ideally
like to use heimdal-devel as my gssapi provider in all ports that support it.

Currently, I don't see an option to use heimdal-devel (or even MIT krb5-devel)
as the gssapi provider in any ports. I do mostly see the following OPTIONS
being supported across the board in a mostly-standard way as comment #10
suggests:
* GSSAPI_NONE
* GSSAPI_BASE
* GSSAPI_HEIMDAL
* GSSAPI_MIT

I'd additionally like to see the following:
* GSSAPI_HEIMDAL_DEVEL
* GSSAPI_MIT_DEVEL

But instead of adding support for these to every port that can support them,
I'd like to see support for choosing the version added to the DEFAULT_VERSIONS
framework. I am in support of the proposal to:
* Replace all port OPTIONS of the form GSSAPI_* with simply GSSAPI, which will
enable or disable GSSAPI support in a given port
* Move the choice of the GSSAPI provider to the DEFAULT_VERSIONS framework in
the form of 'gssapi=(heimdal|heimdal-devel|mit|mit-devel)'

If there is consensus, I can help prepare a patchset (if one doesn't already
exist as a work-in-progress) for converting all ports, along with adding the
support to the DEFAULT_VERSIONS framework.
