MIT KRB5 Commits

Wed, 04 Jun 2025 10:03:55 -0700 

I will be pushing the first of many MIT KRB5 commits, in this approximate order.

1.  MFV contrib/pam-krb5, the MIT compatible pam_krb5.
    Not hooked into buildworld yet.

2.  MFV crypto/krb5, MIT KRB5.
    Again not hooked into buildworld.

3.  Alterations to crytpo/krb5 to allow it to build under FreeBSD.

4.  share/mk/src.opts.mk: Add WITH_MITKRB5 and MK_MITKRB5, default disabled.
    The reason this is added at this point is subsequent commits that will
    reference MK_MITKRB5 will disable MIT KRB5. Partially because it will be
    disabled at first and partially because the series of commits must be
    completed before it will build. This allows for smaller commits that can be
    easily reviewed.

    It has been submitted under https://reviews.freebsd.org/D50684.

5.  krb5: MIT KRB5 itself.
    By itself this requires changes to existing components. This is the lion's
    share of the additions, 124 files. As MK_MITKRB5 is disabled this will not
    be part of the build until WITH_MITKRB5 is added to /etc/src.conf.

    This also includes additions/changes to:
    - share/mk/bsd.libnames.mk
    - share/mk/src.libnames.mk
    - Makefile.libcompat

6.  lib/libpam: Conditionally build pam-krb5 when MK_MITKRB5 == yes.

7.  lib/Makefile: Conditionally build libcom_err when building Heimdal only.
    Our lib/libcom_err is an extract of Heimdal. The libcom_err bundled with
    MIT KRB5 will be used when MK_MITKRB5 is enabled.

8.  secure/libexec/sshd-session/Makefile and secure/ssh.mk. Honour MK+MITKRB5 to
    fix build with MIT KRB5 enabled.

9.  Patches to usr.bin/Makefile: compile_et shipped with MIT KRB5 will be used 
when
    MK_MITKRB5 is enabled. usr.bin/compile_et is a heimdal extract.

10. Patches to usr.bin/telnet disabling telnet crypto. Telnet crypto uses DES 
which
    has been removed from newer MIT KRB5 (and newer Heimdal).

11. usr.sbin/gssd: Use MIT KRB5 libraries instead of Hiemdal libraries when 
MK_MITKRB5
    is enabled.

12. Finally Makefile.inc1. Add MK_MITKRB5 support and MIT KRB5 prebuild 
libraries.

Is this commit plan sound?


-- 
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX:  <c...@freebsd.org>   Web:  https://FreeBSD.org
NTP:           <c...@nwtime.org>    Web:  https://nwtime.org

                        e^(i*pi)+1=0

Reply via email to