tech-pkg: Re: Kerberos in pkgsrc

Subject: Re: Kerberos in pkgsrc
To: Johan Danielsson <joda@pdc.kth.se>
From: Johnny C. Lam <lamj@stat.cmu.edu>
List: tech-pkg
Date: 03/30/2001 10:22:11
joda@pdc.kth.se (Johan Danielsson) writes:
> 
> "Johnny C. Lam" <lamj@stat.cmu.edu> writes:
> 
> > Is the following sufficient to test for the presence of Kerberos V?
> > Will it work for either MIT krb5 and Heimdal krb5?
> 
> The header files can live in other places too. I don't think they ever
> did in NetBSD, but it might be important for other systems. The
> presence of krb5-config is a better test, but that's pretty recent.

Can you suggest a better test?  Where are the other places that the
headers might live, relative to some ${KRB5_PREFIX}?

> > Some packages depend on kth-krb4 for Kerberos IV but rely on
> > Kerberos V to be in the base system if ${KERBEROS} is defined, but
> > as I understand it, NetBSD didn't get krb5 in the base system until
> > 1.5 so these packages won't work properly on pre-1.5 NetBSD systems.
> 
> It got integrated sometime between 1.4 and 1.5, so these packages
> won't work if KERBEROS is defined. I guess one way would be to make a
> package of Heimdal and depend on that when there's no other krb5
> around. It will help for other systems too.

I'll see about making a security/heimdal package for NetBSD<1.5 and
other systems.

> > Do we need something like USE_SSL that automatically installs
> > OpenSSL on systems that need it for Kerberos IV?
> 
> Why do you need OpenSSL for Kerberos 4? The older systems didn't have
> it, but linked with some other libdes.

I think I didn't explain clearly.  I was asking if we should have
USE_KERBEROS, or perhaps new variables USE_KERBEROS{4,5} that trigger
the installation of kth-krb4 and heimdal if the equivalents aren't
present in the base system.  This would be much like how USE_SSL
triggers the installation of openssl on systems where it isn't present
in the base system.  It would be kind of tricky if there was a MIT
Kerberos V implementation in the base system, like I think recent
versions of Solaris have.  In this case, I'm inclined to say, "This is
the NetBSD Packages Collection, so we'll just assume Kerberos V ==
Heimdal."

	Cheers,

     -- Johnny C. Lam <lamj@stat.cmu.edu>
        Department of Statistics, Carnegie Mellon University
        http://www.stat.cmu.edu/~lamj/