diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2025-07-31 09:51:20 -0700 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2025-08-07 10:17:00 -0700 |
| commit | e26259f48afe98022d885f02fbb8abcd7878e41a (patch) | |
| tree | a869efae69246fd58c6b3322fc909fdc9061715f /secure | |
| parent | a245dc5d68c74bca8d00cd50e21e9544af6b21c9 (diff) | |
gssapi,krb5: Replace libgssapi with the MIT version
lib/libgssapi is based on Heimdal. As on Linux systems, the MIT
libgssapi_krb5 replaces it. With both gssapi libraries and header files
installed results in broken buildworld (gssd) and ports that will not
build without modifications to support the MIT gssapi in an alternate
location.
73ed0c7992fd removed the MIT GSSAPI headers from /usr/include. Apps using
MIT KRB5 gssapi functions and structures will fail to build without this
patch.
This patch includes a temporary patch to usr.sbin/gssd to allow it
to build with this patch. rmacklem@ has a patch for this and for
kgssapi that uses this patch to resolve kgssapi issues for NFS with
Kerberos.
This patch is an updated version of D51661 to allow it to build following
additional patchs to the tree.
This should have been implmented with 7e35117eb07f.
Fixes: 7e35117eb07f, 73ed0c7992fd
Differential Revision: https://reviews.freebsd.org/D51661
Diffstat (limited to 'secure')
| -rw-r--r-- | secure/libexec/sshd-session/Makefile | 9 | ||||
| -rw-r--r-- | secure/usr.bin/ssh/Makefile | 4 | ||||
| -rw-r--r-- | secure/usr.sbin/sshd/Makefile | 4 |
3 files changed, 12 insertions, 5 deletions
diff --git a/secure/libexec/sshd-session/Makefile b/secure/libexec/sshd-session/Makefile index 8841cace5239..37e099794bd5 100644 --- a/secure/libexec/sshd-session/Makefile +++ b/secure/libexec/sshd-session/Makefile @@ -39,15 +39,14 @@ LDFLAGS+=-L${LIBBLACKLISTDIR} .endif .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" -LIBADD+= gssapi_krb5 gssapi krb5 .if ${MK_MITKRB5} != "no" +LIBADD+= gssapi_krb5 krb5 .include "../../krb5/Makefile.inc" CFLAGS+= -I${KRB5_DIR}/include \ -I${KRB5_SRCTOP}/include \ - -I${KRB5_OBJTOP}/lib \ - -I${KRB5_DIR}/lib/gssapi/generic \ - -I${KRB5_DIR}/lib/gssapi/krb5 \ - -I${KRB5_DIR}/lib/gssapi/mechglue + -I${KRB5_OBJTOP}/lib +.else +LIBADD+= gssapi_krb5 gssapi krb5 .endif .endif diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index acb1fd4eaa25..a4f36d0fe2df 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -18,7 +18,11 @@ SRCS+= gss-genr.c LIBADD= ssh .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" +.if ${MK_MITKRB5} == "no" LIBADD+= gssapi +.else +LIBADD+= gssapi_krb5 +.endif .endif LIBADD+= crypto diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index e6913cd9d0d6..f37dfe1c1b3a 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -19,7 +19,11 @@ moduli: .MADE LIBADD= ssh util .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" +.if ${MK_MITKRB5} == "no" LIBADD+= gssapi_krb5 gssapi krb5 +.else +LIBADD+= gssapi_krb5 krb5 +.endif .endif .if ${MK_TCP_WRAPPERS} != "no" |