MIT Kerberos and OpenSSH
Jeff Aitken
jaitken at aitken.com
Wed Jan 12 12:25:01 PST 2005
On Wed, Jan 12, 2005 at 10:33:28AM -0500, Tom Rhodes wrote:
> > There must be a way to get the base system openssh to build against
> > the installed MIT port.
>
> Have you asked Mark Murray about this? I think he has worked
> with Kerberos in the base system.
On a related note, when building the krb5 port in FreeBSD-5.3, it
appears that ksu is not installed. I'm not sure I understand
fully why this is the case, but it appears that the following
lines in /usr/ports/security/krb5/Makefile:
CONFIGURE_ENV= INSTALL="${INSTALL}" YACC=/usr/bin/yacc \
CFLAGS="${CFLAGS}"
MAKE_ARGS= INSTALL="${INSTALL}"
clobber the value of INSTALL in several of the generated Makefiles.
This only appears to affect ksu because it is the only one where the
install target references INSTALL_SETUID. After running a 'make' in
the top level, this is what you get in src/clients/Makefile:
INSTALL=install
INSTALL_STRIP=
INSTALL_PROGRAM=install -s -o root -g wheel -m 555 $(INSTALL_STRIP)
INSTALL_SCRIPT=install -o root -g wheel -m 555
INSTALL_DATA=install -o root -g wheel -m 444
INSTALL_SHLIB=@INSTALL_SHLIB@
INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
Note that INSTALL_SETUID references INSTALL, which is not defined as
I would expect; I think the correct value should look like this:
INSTALL=/usr/bin/install -c -o root -g wheel
Most of the other executables that get installed seem to reference
INSTALL_PROGRAM directly.
Also interesting is that src/clients/ksu/Makefile appears to lack a
defined install-unix target. All of the other Makefiles have something
that looks like this:
install-unix::
for f in klist; do \
$(INSTALL_PROGRAM) $$f \
$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
$(INSTALL_DATA) $(srcdir)/$$f.M \
$(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
done
I don't know if this is a problem or not.
Anyway, if you remove the CONFIGURE_ENV and MAKE_ARGS definitions in
/usr/ports/security/krb5/Makefile, you get a "correct" Makefile in
src/clients/ksu:
INSTALL=/usr/bin/install -c -o root -g wheel
INSTALL_STRIP=
INSTALL_PROGRAM=install -s -o root -g wheel -m 555 $(INSTALL_STRIP)
INSTALL_SCRIPT=install -o root -g wheel -m 555
INSTALL_DATA=install -o root -g wheel -m 444
INSTALL_SHLIB=@INSTALL_SHLIB@
INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
The krb5 Makefiles are a maze of indirection so I'm not sure I have
this figured out, but figured I'd toss it out and see if anyone else
can confirm or deny.
--Jeff
More information about the freebsd-security
mailing list