-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
after the security/heimdal port was updated to the current heimdal release
and i added one missing function from base it is now possible to
completely buildworld src/ using the port for all Kerberos5/GSSAPI enabled
parts.
The patches for src/ are here:
ftp://ftp.frm2.tum.de/pub/jpulz/FreeBSD/patches/CURRENT_use_kerberos_port.patch
ftp://ftp.frm2.tum.de/pub/jpulz/FreeBSD/patches/8-STABLE_use_kerberos_port.patch
ftp://ftp.frm2.tum.de/pub/jpulz/FreeBSD/patches/8.1-RELENG_use_kerberos_port.patch
Here are the necessary steps
- - install security/heimdal
- - download the patch
- - cd /usr/src && patch -p0 < patchfile
- - add WITH_KERBEROS_PORT=1 to /etc/src.conf
- - add HEIMDAL_HOME=<prefix> (usually /usr/local) to /etc/make.conf
- - make buildworld as usual
To get a clean system you should add WITHOUT_KERBEROS=1 to /etc/src.conf
otherwise you will still build and install the base Kerberos5/GSSAPI
implementation. If you decide to add this to /etc/src.conf, don't forget
to run 'make delete-old delete-old-libs' to get rid of all the old stuff.
If you try this on 8-STABLE or 8.1-RELENG there will still be leftovers
but as soon as tools/build/mk/OptionalObsoleteFiles.inc gets MFC'd it
should at least on 8-STABLE no longer be a problem.
There is one drawback. As the port installs no 32bit libraries on amd64 or
powerpc64 there is no chance to build and install the following 32bit
compat libraries: librpcsec_gss, pam_krb5, pam_ksu.
The 32bit libssh will be build and installed but without Kerberos5/GSSAPI
support.
You should rebuild all ports which make use of the base Kerberos5/GSSAPI
libraries. See ports/152029 and ports/152071 for additional ports related
patches.
I use all this stuff on several machines right now and didn't found any
problem, it rather solved the problems i had with the broken stuff in
base, especially OpenLDAP with Cyrus-Sasl or Cyrus-Imapd and so on.
So everyone, please test and comment as i would really like to see this
functionality in base to provide people with an easy to use solution to
work around the old and partially broken Kerberos5/GSSAPI stuff in base.
Kind regards
Joerg
- --
The beginning is the most important part of the work.
-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (FreeBSD)
iD8DBQFM4a9RSPOsGF+KA+MRAgnFAJ9s26Insh0AJkxCBgSsEALrMuN5nQCgyxYL
fUNRYFwA+t+ozBF2U74uYhY=
=aKfM
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
