[Bug 247940] Introduce gssapi=.. in DEFAULT_VERSIONS like for ssl=...
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 06 Jan 2024 00:33:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247940 --- Comment #12 from Siva Mahadevan <me@svmhdvn.name> --- Adding to this discussion due to a new issue that comes up with the move to OpenSSL 3 in FreeBSD 14. I use heimdal as my preferred kerberos implementation. Heimdal upstream hasn't seen a release in a while (current version is 7.8), and heimdal-devel (tracking git HEAD) fixes a bunch of issues related to OpenSSL 3 support. I'd ideally like to use heimdal-devel as my gssapi provider in all ports that support it. Currently, I don't see an option to use heimdal-devel (or even MIT krb5-devel) as the gssapi provider in any ports. I do mostly see the following OPTIONS being supported across the board in a mostly-standard way as comment #10 suggests: * GSSAPI_NONE * GSSAPI_BASE * GSSAPI_HEIMDAL * GSSAPI_MIT I'd additionally like to see the following: * GSSAPI_HEIMDAL_DEVEL * GSSAPI_MIT_DEVEL But instead of adding support for these to every port that can support them, I'd like to see support for choosing the version added to the DEFAULT_VERSIONS framework. I am in support of the proposal to: * Replace all port OPTIONS of the form GSSAPI_* to simply GSSAPI, which will enable or disable GSSAPI support in a given port * Move the choice of the GSSAPI provider to the DEFAULT_VERSIONS framework in the form of 'gssapi=(heimdal|heimdal-devel|mit|mit-devel)' If there is consensus, I can help prepare a patchset (if one doesn't already exist as a work-in-progress) for converting all ports, along with adding the support to the DEFAULT_VERSIONS framework. -- You are receiving this mail because: You are on the CC list for the bug.