Re: MIT Kerberos and OpenSSH

From: Curry Searle (searle_at_unt.edu)
Date: 01/11/05

  • Next message: Gareth Hopkins: "Re: MIT Kerberos and OpenSSH"
    Date: Tue, 11 Jan 2005 09:08:02 -0600
    To: Jeremie Le Hen <jeremie@le-hen.org>
    
    

    You probably want to define one of the following examples from
    /etc/defaults/make.conf in your /etc/make.conf:

    # Kerberos IV
    # If you want KerberosIV (KTH eBones), define this:
    #
    #MAKE_KERBEROS4= yes
    #
    #
    # Kerberos 5
    # If you want Kerberos 5 (KTH Heimdal), define this:
    #
    #MAKE_KERBEROS5= yes
    #
    # Kerberos 5 su (k5su)
    # If you want to use the k5su utility, define this to have it installed
    # set-user-ID.
    #ENABLE_SUID_K5SU= yes
    #
    #
    # Kerberos5
    # If you want to install MIT Kerberos5 port somewhere other than /usr/local,
    # define this (this is also used to tell ssh1 that kerberos is needed):
    #
    #KRB5_HOME= /usr/local

    Jeremie Le Hen wrote:
    >> Is there a way to get the default BSD 5.3 openssh to compile
    >>against the MIT kerberos libraries? I have set NO_KERBEROS=yes in
    >>/etc/make.conf so
    >>that the heimdal kerberos is not built, and rebuilt world, then installed
    >>/usr/ports/security/krb5 and rebuilt world again. sshd is however not being
    >>built against MIT at all.
    >>
    >>[root@foobar] ~ # ldd /usr/sbin/sshd
    >>/usr/sbin/sshd:
    >> libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
    >> libutil.so.4 => /lib/libutil.so.4 (0x280c7000)
    >> libz.so.2 => /lib/libz.so.2 (0x280d3000)
    >> libwrap.so.3 => /usr/lib/libwrap.so.3 (0x280e3000)
    >> libpam.so.2 => /usr/lib/libpam.so.2 (0x280eb000)
    >> libcrypto.so.3 => /lib/libcrypto.so.3 (0x280f2000)
    >> libcrypt.so.2 => /lib/libcrypt.so.2 (0x281e7000)
    >> libc.so.5 => /lib/libc.so.5 (0x281ff000)
    >
    >
    > I'm not a buildworld guru, but I think that with NO_KERBEROS=yes,
    > /usr/bin/sshd(8) will obviously NOT be linked with any krb library.
    > IMHO, you should build OpenSSH from ports with the KERBEROS=yes knob.
    >
    > Hope this helps.
    > Regards,

    -- 
    ____________________________________________________
    Curry Searle               |
    searle@unt.edu             |  Postmaster
    www.cas.unt.edu/~searle    |  Unix Hosts
    College of Arts & Sciences |  Windows Desktops
    Computing Support Services |  Security Liaison
    www.cascss.unt.edu         |
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
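The thread uses `ldd /usr/sbin/sshd` to see whether sshd picked up any Kerberos library. The following is an added example, not part of the original messages, that classifies `ldd` output by where the Kerberos libraries resolve. It assumes Kerberos linkage appears as `libkrb5*` or `libgssapi*` entries and that the MIT port is installed under `KRB5_HOME` (`/usr/local` in the make.conf excerpt); the function names and the second and third sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify which Kerberos libraries a binary is linked against,
# given `ldd` output on stdin. On a live host:
#   ldd /usr/sbin/sshd | krb_linkage /usr/local
# Assumption: Kerberos linkage shows up as libkrb5* or libgssapi* entries, and
# anything resolving under KRB5_HOME is the MIT port; anything else is base.
# Prints one of: none | mit | base | mixed
krb_linkage() {
    krb5_home="${1:-/usr/local}"
    awk -v home="$krb5_home" '
        # ldd lines look like: libfoo.so.N => /path/libfoo.so.N (0xaddr)
        $2 == "=>" && $1 ~ /^lib(krb5|gssapi)/ {
            if (index($3, home "/") == 1) mit++; else base++
        }
        END {
            if (!mit && !base)    print "none"
            else if (mit && base) print "mixed"
            else if (mit)         print "mit"
            else                  print "base"
        }'
}

# Lines taken from the ldd output quoted in the thread (no Kerberos entries).
sample_thread() {
    cat <<'EOF'
/usr/sbin/sshd:
 libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
 libcrypto.so.3 => /lib/libcrypto.so.3 (0x280f2000)
EOF
}

# Constructed sample: both Kerberos libraries resolve under /usr/local.
sample_mit() {
    cat <<'EOF'
 libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x28100000)
 libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2 (0x28180000)
EOF
}

# Constructed sample: one library from the port, one from the base system.
sample_mixed() {
    cat <<'EOF'
 libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x28100000)
 libgssapi.so.8 => /usr/lib/libgssapi.so.8 (0x28180000)
EOF
}

echo "thread sample: $(sample_thread | krb_linkage)"
```

A `mixed` result is the one to investigate, since it means the binary loads Kerberos code from two different installations.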
    
