MIT Kerberos and OpenSSH

Jeremie Le Hen jeremie at le-hen.org
Tue Jan 11 06:24:39 PST 2005


> Is there a way to get the default BSD 5.3 openssh to compile against
> the MIT kerberos libraries? I have set NO_KERBEROS=yes in
> /etc/make.conf so that the heimdal kerberos is not built, and rebuilt
> world, then installed /usr/ports/security/krb5 and rebuilt world again.
> sshd is however not being built against MIT at all.
> 
> [root at foobar] ~ # ldd /usr/sbin/sshd
> /usr/sbin/sshd:
>         libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
>         libutil.so.4 => /lib/libutil.so.4 (0x280c7000)
>         libz.so.2 => /lib/libz.so.2 (0x280d3000)
>         libwrap.so.3 => /usr/lib/libwrap.so.3 (0x280e3000)
>         libpam.so.2 => /usr/lib/libpam.so.2 (0x280eb000)
>         libcrypto.so.3 => /lib/libcrypto.so.3 (0x280f2000)
>         libcrypt.so.2 => /lib/libcrypt.so.2 (0x281e7000)
>         libc.so.5 => /lib/libc.so.5 (0x281ff000)

I'm not a buildworld guru, but I think that with NO_KERBEROS=yes,
/usr/bin/sshd(8) will obviously NOT be linked with any krb library.
IMHO, you should build OpenSSH from ports with the KERBEROS=yes knob.

Hope this helps.
Regards,
-- 
Jeremie Le Hen
jeremie at le-hen.org

