Bug 167554 - security/openssh-portable has some drawbacks
Summary: security/openssh-portable has some drawbacks
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-03 09:20 UTC by c.kworr
Modified: 2013-04-30 14:20 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description c.kworr 2012-05-03 09:20:07 UTC 
1. etc/rc.d/openssh generates DSA key instead of ECDSA (wrong type of key given to ssh-keygen on line 82).

2. on port Makefile line 100 openssh is hard tailored to MIT Kerberos whereas I'd like to use Heimdal. Commenting that line out works for me and files are correctly linked to Heimdal libs.
Comment 1 Bryan Drewery freebsd_committer freebsd_triage 2012-11-05 16:13:01 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->bdrewery

take
Comment 2 dfilter service freebsd_committer freebsd_triage 2013-04-30 14:13:57 UTC 
Author: bdrewery
Date: Tue Apr 30 13:13:49 2013
New Revision: 316929
URL: http://svnweb.freebsd.org/changeset/ports/316929

Log:
  - Add support for base and port Heimdal for Kerberos
  
  PR:		ports/167554
  Requested by:	Volodymyr Kostyrko <c.kworr@gmail.com>

Modified:
  head/security/openssh-portable/Makefile

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Tue Apr 30 12:38:52 2013	(r316928)
+++ head/security/openssh-portable/Makefile	Tue Apr 30 13:13:49 2013	(r316929)
@@ -39,10 +39,12 @@ ETCOLD=			${PREFIX}/etc
 SUDO?=		# empty
 MAKE_ENV+=	SUDO="${SUDO}"
 
-OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT BSM KERBEROS \
+OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT BSM \
 			KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \
 			OVERWRITE_BASE SCTP
 OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS
+OPTIONS_RADIO=		KERBEROS
+OPTIONS_RADIO_KERBEROS=	MIT HEIMDAL HEIMDAL_BASE
 TCP_WRAPPERS_DESC=	Enable tcp_wrappers support
 BSM_DESC=		Enable OpenBSM Auditing
 KERB_GSSAPI_DESC=	Enable Kerberos/GSSAPI patch (req: GSSAPI)
@@ -52,6 +54,9 @@ LPK_DESC=		Enable LDAP Public Key (LPK) 
 X509_DESC=		Enable x509 certificate patch
 SCTP_DESC=		Enable SCTP support
 OVERWRITE_BASE_DESC=	OpenSSH overwrite base
+HEIMDAL_DESC=		Heimdal Kerberos (security/heimdal)
+HEIMDAL_BASE_DESC=	Heimdal Kerberos (base)
+MIT_DESC=		MIT Kerberos (security/krb5)
 
 .include <bsd.port.pre.mk>
 
@@ -101,9 +106,19 @@ CONFIGURE_ARGS+=	--with-libedit
 CONFIGURE_ARGS+=	--with-audit=bsm
 .endif
 
-.if ${PORT_OPTIONS:MKERBEROS}
+.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE}
 CONFIGURE_ARGS+=	--with-kerberos5
+.  if ${PORT_OPTIONS:MMIT}
 LIB_DEPENDS+=		krb5.3:${PORTSDIR}/security/krb5
+.  elif ${PORT_OPTIONS:MHEIMDAL}
+LIB_DEPENDS+=		krb5.26:${PORTSDIR}/security/heimdal
+.  elif ${PORT_OPTIONS:MHEIMDAL_BASE}
+.	if !exists(/usr/lib/libkrb5.so)
+IGNORE=		You have selected HEIMDAL_BASE but do not have heimdal installed in base
+.	else
+CONFIGURE_LIBS+=	-lgssapi_krb5
+.	endif
+.  endif
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
 PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/:gsskex
 PATCHFILES+=		openssh-5.7p1-gsskex-all-20110125.patch:gsskex
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Bryan Drewery freebsd_committer freebsd_triage 2013-04-30 14:14:14 UTC 
State Changed
From-To: open->closed

Both issues now addressed. Heimdal support added in r316929.