Heimdal Kerberos Installed?

[Rick Miller]

On Tue, Feb 2, 2016 at 10:54 AM, Polytropon <freebsd at edvax.de> wrote:

> On Tue, 2 Feb 2016 10:48:52 -0500, Rick Miller wrote:
> > Hi all,
> >
> > I've discovered kerberos binaries in /usr/bin and /usr/sbin that had been
> > presumed not installed as the build system utilizes NO_KERBEROS=YES in
> > make.conf that built the resulting distribution based on the releng/10.0
> > branch.  It had been presumed that kerberos bits would not be included
> > outside of /usr/local where security/krb5 is being installed.
> > [...]
> > The problem is that it appears Heimdal Kerberos appears to be installed
> > despite the presence of NO_KERBEROS=YES in make.conf.  Are there base
> > kerberos bits that do get installed regardless of the existence of this
> > knob?  Is there an expectation that this knob notation (as opposed to
> > WITHOUT_KERBEROS) works with releng/10.0?
>
> Did you check /etc/src.conf settings as well? From "man src.conf":
>
>      WITHOUT_KERBEROS
>              Set this if you do not want to build Kerberos 5 (KTH Heimdal).
>              When set, it also enforces the following options:
>
>              WITHOUT_GSSAPI (can be overridden with WITH_GSSAPI)
>              WITHOUT_KERBEROS_SUPPORT
>
>      WITHOUT_KERBEROS_SUPPORT
>              Set to build some programs without Kerberos support, like
> cvs(1),
>              ssh(1), telnet(1), sshd(8), and telnetd(8).
>
> Also see WITHOUT_CRYPT and WITHOUT_OPENSSL entries in that file.


I had not checked src.conf(5).  Thanks for the tip.

Based on src.con(5), WITHOUT_KERBEROS enforces WITHOUT_KERBEROS_SUPPORT
thus implying the necessity to install OpenSSH and friends via Ports/pkg w/
Kerberos support compiled in to obtain that functionality, but with MIT
Krb.  Is this an accurate assumption?


-- 
Take care
Rick Miller