MIT Kerberos and OpenSSH
Curry Searle
searle at unt.edu
Tue Jan 11 07:07:58 PST 2005
You probably want to define one of the following examples from
/etc/defaults/make.conf in your /etc/make.conf:
# Kerberos IV
# If you want KerberosIV (KTH eBones), define this:
#
#MAKE_KERBEROS4= yes
#
#
# Kerberos 5
# If you want Kerberos 5 (KTH Heimdal), define this:
#
#MAKE_KERBEROS5= yes
#
# Kerberos 5 su (k5su)
# If you want to use the k5su utility, define this to have it installed
# set-user-ID.
#ENABLE_SUID_K5SU= yes
#
#
# Kerberos5
# If you want to install MIT Kerberos5 port somewhere other than /usr/local,
# define this (this is also used to tell ssh1 that kerberos is needed):
#
#KRB5_HOME= /usr/local
Jeremie Le Hen wrote:
>> Is there a way to get the default BSD 5.3 openssh to compile
>>against the MIT kerberos libraries? I have set NO_KERBEROS=yes in
>>/etc/make.conf so
>>that the heimdal kerberos is not built, and rebuilt world, then installed
>>/usr/ports/security/krb5 and rebuilt world again. sshd is however not being
>>built against MIT at all.
>>
>>[root at foobar] ~ # ldd /usr/sbin/sshd
>>/usr/sbin/sshd:
>> libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
>> libutil.so.4 => /lib/libutil.so.4 (0x280c7000)
>> libz.so.2 => /lib/libz.so.2 (0x280d3000)
>> libwrap.so.3 => /usr/lib/libwrap.so.3 (0x280e3000)
>> libpam.so.2 => /usr/lib/libpam.so.2 (0x280eb000)
>> libcrypto.so.3 => /lib/libcrypto.so.3 (0x280f2000)
>> libcrypt.so.2 => /lib/libcrypt.so.2 (0x281e7000)
>> libc.so.5 => /lib/libc.so.5 (0x281ff000)
>
>
> I'm not a buildworld guru, but I think that with NO_KERBEROS=yes,
> /usr/bin/sshd(8) will obviously NOT be linked with any krb library.
> IMHO, you should build OpenSSH from ports with the KERBEROS=yes knob.
>
> Hope this helps.
> Regards,
--
____________________________________________________
Curry Searle |
searle at unt.edu | Postmaster
www.cas.unt.edu/~searle | Unix Hosts
College of Arts & Sciences | Windows Desktops
Computing Support Services | Security Liaison
www.cascss.unt.edu |
More information about the freebsd-security
mailing list