Re: Heimdal vs MIT KerberosV
On Fri, Feb 27, 2009 at 7:44 PM, Tom McLaughlin
tmcla...@sdf.lonestar.orgwrote:
Mel wrote:
On Thursday 26 February 2009 08:48:35 Tim Judd wrote:
Building WITHOUT_KERBEROS and installing MIT-port, is best option to use
that implementation. You may need to remove libraries by hand, not sure if
make delete-old-libs covers it.
Using WITHOUT_KERBEROS to build world IIRC will cause you to lose
pam_{krb5,ksu} and GSSAPI support in ssh. Depending on your environment,
those might be useful.
Other than the kadmin protocol differences why change from Heimdal to MIT?
tom
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
Frankly - it's a matter of exploration, learning and understanding of
everything all put together.
Secondly, it's because MIT offers a windows MIT KerberosV application and I
wanted to see them interact with each other.
Thirdly, src.conf(5) clearly states that the knob WITH_GSSAPI will
re-introduce that back into world. And as a subnote, I don't know how to
use GSSAPI, don't know how to administer the API, or enable a service/daemon
to utilize GSSAPI.
Fourthly -- Loosing the pam_{krb5,ksu} is no sweat. As the first, initial
play thing, I'd keep local accounts, enabling K5 and see how they interact.
Speaking of the interaction, it's the time to learn DNS SRV records, and K5
seems a useful go at it.
I may have forgotten a reason, but it's how my mind works, how I enjoy to
learn, and I'm not going to break the Internet doing it. :)
LTNS, tmclaugh. Haven't seen you around recently.
--TJ
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Heimdal vs MIT KerberosV
Mel wrote:
On Thursday 26 February 2009 08:48:35 Tim Judd wrote:
Building WITHOUT_KERBEROS and installing MIT-port, is best option to use that
implementation. You may need to remove libraries by hand, not sure if make
delete-old-libs covers it.
Using WITHOUT_KERBEROS to build world IIRC will cause you to lose
pam_{krb5,ksu} and GSSAPI support in ssh. Depending on your
environment, those might be useful.
Other than the kadmin protocol differences why change from Heimdal to MIT?
tom
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Heimdal vs MIT KerberosV
Hello, Experts.. MIT and I are both located in the US -- so the export law from the US/to the US isn't applicable. I can understand why the included KerberosV implementation is the one from Sweeden, due to these export laws. I know there's a knob (WITHOUT_KERBEROS) to exclude it from the base system, but how can I replace the Sweeden-based Heimdal implementation in favor of the MIT implementation. This isn't expected to be a long drawn out process, one that takes world hacking to work. It'd be just as easy for me to build MIT krb5 from ports and let it install into /usr/local. That's fine -- but I wanted to stretch my knowledge on FreeBSD and the building process and would like to know what it would take to drop in MIT in exchange for Heimdal. I'd guess a couple possible ways to do it, but I wanted to ask the experts before I broke FreeBSD. :) Options as I see them: 1) Take the port directory and replace the contents of /usr/src/kerberos5 with security/krb5 from ports 2) Take the tarball from MIT and drop it into /usr/src/kerberos5 If anything were to work, I'd expect #1 to. So what is the expert's opinion, is it really this easy? Thanks, everyone. Appreciate your time and input. --Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Heimdal vs MIT KerberosV
On Thursday 26 February 2009 08:48:35 Tim Judd wrote:
It'd be just as easy for me to build
MIT krb5 from ports and let it install into /usr/local. That's fine -- but
I wanted to stretch my knowledge on FreeBSD and the building process and
would like to know what it would take to drop in MIT in exchange for
Heimdal. I'd guess a couple possible ways to do it, but I wanted to ask
the experts before I broke FreeBSD. :)
Options as I see them:
1) Take the port directory and replace the contents of
/usr/src/kerberos5 with security/krb5 from ports
2) Take the tarball from MIT and drop it into /usr/src/kerberos5
If anything were to work, I'd expect #1 to. So what is the expert's
opinion, is it really this easy?
Neither will work. The ports build system is a vastly different superset of
the src system. Ports core makefiles are in /usr/ports/Mk, and src
in /usr/share/mk. Ports take very little from /usr/share/mk, only sys.mk for
default flags, bsd.own.mk for default ownerships, the bsd.ports*.mk to point
to $PORTSDIR and exclude /etc/src.conf and that's about it.
Further more, the base system doesn't use 'configure', patches are applied to
make it work for FreeBSD without this hurdle. In short, if you want to learn
about the src make system, this isn't a good project. A better project is
read the pmake tutorial, the make(1) manpage, comments in /usr/share/mk/*.mk
and start writing your own software with this build system.
Start with something like:
cat EOF BSDmakefile
PROG=hello
.include bsd.prog.mk
EOF
cat 'EOF' hello.c
#include stdio.h
int main(int argc, char **argv)
{
printf(Hello world!\n);
return 0;
}
EOF
make
=
Building WITHOUT_KERBEROS and installing MIT-port, is best option to use that
implementation. You may need to remove libraries by hand, not sure if make
delete-old-libs covers it.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Heimdal vs MIT KerberosV
On Thu, Feb 26, 2009 at 3:23 PM, Mel fbsd.questi...@rachie.is-a-geek.netwrote:
On Thursday 26 February 2009 08:48:35 Tim Judd wrote:
It'd be just as easy for me to build
MIT krb5 from ports and let it install into /usr/local. That's fine --
but
I wanted to stretch my knowledge on FreeBSD and the building process and
would like to know what it would take to drop in MIT in exchange for
Heimdal. I'd guess a couple possible ways to do it, but I wanted to ask
the experts before I broke FreeBSD. :)
Options as I see them:
1) Take the port directory and replace the contents of
/usr/src/kerberos5 with security/krb5 from ports
2) Take the tarball from MIT and drop it into /usr/src/kerberos5
If anything were to work, I'd expect #1 to. So what is the expert's
opinion, is it really this easy?
Neither will work. The ports build system is a vastly different superset of
the src system. Ports core makefiles are in /usr/ports/Mk, and src
in /usr/share/mk. Ports take very little from /usr/share/mk, only sys.mkfor
default flags, bsd.own.mk for default ownerships, the bsd.ports*.mk to
point
to $PORTSDIR and exclude /etc/src.conf and that's about it.
Further more, the base system doesn't use 'configure', patches are applied
to
make it work for FreeBSD without this hurdle. In short, if you want to
learn
about the src make system, this isn't a good project. A better project is
read the pmake tutorial, the make(1) manpage, comments in
/usr/share/mk/*.mk
and start writing your own software with this build system.
Start with something like:
cat EOF BSDmakefile
PROG=hello
.include bsd.prog.mk
EOF
cat 'EOF' hello.c
#include stdio.h
int main(int argc, char **argv)
{
printf(Hello world!\n);
return 0;
}
EOF
make
=
Building WITHOUT_KERBEROS and installing MIT-port, is best option to use
that
implementation. You may need to remove libraries by hand, not sure if make
delete-old-libs covers it.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Mel,
Thank you very much for the informative reply. It not only gives me a
starting point, but it also describes why it won't work in good detail. I
always look forward to your posts -- for they're very well done.
I will personally archive this off, because it's information is like gold to
me, especially when I'm so new to altering OS functions... Thanks again.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
