Heimdal Kerberos Installed?
vmiller at hostileadmin.com
Tue Feb 2 19:01:06 UTC 2016
On Tue, Feb 2, 2016 at 10:54 AM, Polytropon <freebsd at edvax.de> wrote:
> On Tue, 2 Feb 2016 10:48:52 -0500, Rick Miller wrote:
> > Hi all,
> > I've discovered kerberos binaries in /usr/bin and /usr/sbin that had been
> > presumed not installed as the build system utilizes NO_KERBEROS=YES in
> > make.conf that built the resulting distribution based on the releng/10.0
> > branch. It had been presumed that kerberos bits would not be included
> > outside of /usr/local where security/krb5 is being installed.
> > [...]
> > The problem is that it appears Heimdal Kerberos appears to be installed
> > despite the presence of NO_KERBEROS=YES in make.conf. Are there base
> > kerberos bits that do get installed regardless of the existence of this
> > knob? Is there an expectation that this knob notation (as opposed to
> > WITHOUT_KERBEROS) works with releng/10.0?
> Did you check /etc/src.conf settings as well? From "man src.conf":
> Set this if you do not want to build Kerberos 5 (KTH Heimdal).
> When set, it also enforces the following options:
> WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI)
> Set to build some programs without Kerberos support, like
> ssh(1), telnet(1), sshd(8), and telnetd(8).
> Also see WITHOUT_CRYPT and WITHOUT_OPENSSL entries in that file.
I had not checked src.conf(5). Thanks for the tip.
Based on src.con(5), WITHOUT_KERBEROS enforces WITHOUT_KERBEROS_SUPPORT
thus implying the necessity to install OpenSSH and friends via Ports/pkg w/
Kerberos support compiled in to obtain that functionality, but with MIT
Krb. Is this an accurate assumption?
More information about the freebsd-questions