[Bug 277650] Remove supporting linking ports against Heimdal from base (GSSAPI_BASE)

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 01 Jun 2024 15:29:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277650

Marcin Cieślak <saper@saper.info> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |saper@saper.info

--- Comment #27 from Marcin Cieślak <saper@saper.info> ---
(In reply to Siva Mahadevan from comment #13)

Siva, I will just give you a practical example.

Two days ago I installed a DragonFlyBSD system. They did what you suggest:
they have removed Kerberos support from the base completely.

Basically I ended up with a system I could not ssh out of. I attempted to
install openssh-portable, but this was broken because the GSSAPI patch from
Debian, which has to be applied, didn't fetch. This is
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278222 with the fix hopefully
coming out of https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279437

Then I had to update openssh-portable to a newer version and apply a newer
patch. By the way, it still does not work and I am still troubleshooting. Two
days have passed.

Back to FreeBSD, after I tested
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279437 I still could not make
an ssh connection due to the "rc4 8: EVP_CipherInit_ex einit" error.

As it turned out, https://github.com/heimdal/heimdal/issues/1224 was a problem.
But I could fix it by installing heimdal-devel as provided by cy@ (big thanks).

Speaking of maintenance burden, getting it to work requires a well-maintained
openssh-portable with a random patch from Debian and a well-maintained Kerberos
implementation port, usually done by different people.

Therefore, no, and please keep it in base for as long as we can.
