[Bug 277650] Remove supporting linking ports against Heimdal from base (GSSAPI_BASE)
Date: Sat, 01 Jun 2024 15:29:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277650 Marcin Cieślak <saper@saper.info> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |saper@saper.info --- Comment #27 from Marcin Cieślak <saper@saper.info> --- (In reply to Siva Mahadevan from comment #13) Siva, I will just give you a practical example. Two days ago I have installed a DragonFlyBSD system. They did what you suggest - they have removed Kerberos support from the base completely. Basically I ended up with a system I could not ssh out of. I have attempted to install openssh-portable, but this was broken because GSSAPI patch from Debian which has to be applied didn't fetch. This is https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278222 with the fix hopefully coming out of https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279437 Then I had to update openssh-portable to a newer version and apply a newer patch. By the way, it still does not work and I am still troubleshooting. Two days have passed. Back to FreeBSD, after I have tested https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279437 I still could not make ssh connection due to "rc4 8: EVP_CipherInit_ex einit" error. As it turned out, https://github.com/heimdal/heimdal/issues/1224 was a problem. But I could fix it by installing heimdal-devel as provided by cy@ (big thanks). Speaking of maintenance burden, getting it to work requires well-maintained openssh-portable with a random patch from Debian and a well-maintained Kerberos implementation port, usually done by different people. Therefore, no, and please keep it in base for as long as we can. -- You are receiving this mail because: You are on the CC list for the bug.