Kerberos and FreeBSD

Ansar Mohammed ansarm at gmail.com
Fri Feb 10 09:00:17 UTC 2012


Thanks for the feedback.
I built world and disabled Kerberos in src.conf.

I will just install Heimdal via ports now.

There seems to be a lot of other rather old bits of software in a
default installation. I noticed some old digiboard utility in a base
9.0 build.

On Wed, Feb 8, 2012 at 5:41 PM, Rick Macklem <rmacklem at uoguelph.ca> wrote:
> Benjamin Kaduk wrote:
>> On Wed, 8 Feb 2012, Ansar Mohammed wrote:
>>
>> > Hello All,
>> > Is the port of Heimdal on FreeBSD being maintained? The version that
>> > ships with 9.0 seems a bit old.
>> >
>> > #> /usr/libexec/kdc-v
>> > kdc (Heimdal 1.1.0)
>> > Copyright 1995-2008 Kungliga Tekniska Högskolan
>> > Send bug-reports to heimdal-bugs at h5l.org
>>
>> My understanding is that every five years or so, someone becomes fed up
>> enough with the staleness of the "current" version and puts in the effort
>> to merge in a newer version.
>> It looks like 3 years ago, dfr brought in that Heimdal 1.1 you see, to
>> replace the Heimdal 0.6 that nectar brought in 8 years ago.
>> I don't know of anyone with active plans to bring in a new version, at
>> present.
>>
>> -Ben Kaduk
>>
> I think it's a little trickier than it sounds. The Kerberos in FreeBSD
> isn't vanilla Heimdal 1.1, but a somewhat modified variant.
>
> Heimdal libraries have a separate source file for each function, plus
> a source file that defines all global storage used by functions in the
> library.
> One difference w.r.t. the FreeBSD variant that I am aware of is:
> - Some of the functions were moved from one library to another. (I don't
>  know why, but maybe it was to avoid a POLA violation which would require
>  apps to be linked with additional libraries?)
>  - To do this, some global variables were added to the source file in the
>    library these functions were moved to.
> As such, if you statically link an app. to both libraries, the global variable
> can come up "multiply defined". (I ran into this when I was developing a "gssd"
> prior to the one introduced as part of the kernel rpc.) You can get around this
> by dynamically linking, being careful about the order in which the libraries are
> specified. (The command "krb5-config --libs" helps w.r.t. this.)
>
> I don't know what else was changed, but I do know that it isn't as trivial as
> replacing the sources with ones from a newer Heimdal release.
>
> I think it would be nice if a newer Heimdal release was brought in, with the
> minimal changes required to make it work. (If that meant that apps. needed more
> libraries, the make files could use "krb5-config --libs" to handle it, I think?)
>
> Oh, and I'm not volunteering to try and do it;-) rick
>


More information about the freebsd-hackers mailing list