summaryrefslogtreecommitdiffstats
path: root/kerberos5
Commit message (Collapse)AuthorAgeFilesLines
* Assume a big-endian default on MIPS and drop the "eb" suffix from MACHINE_ARCH.jmallett2012-03-291-2/+1
| | | | | | | | | | | | | | | This makes our naming scheme more closely match other systems and the expectations of much third-party software. MIPS builds which are little-endian should require and exhibit no changes. Big-endian TARGET_ARCHes must be changed: From: To: mipseb mips mipsn32eb mipsn32 mips64eb mips64 An entry has been added to UPDATING and some foot-shooting protection (complete with warnings which should become errors in the near future) to the top-level base system Makefile.
* - Apply binutils workaround on mips.mips as well. Though this TARGET_ARCHstas2012-03-241-1/+2
| | | | is deprecated, tinderbox uses it.
* - Update FreeBSD Heimdal distribution to version 1.5.1. This also bringsstas2012-03-2262-855/+1842
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service. We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509. - The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5. - Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf. - libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next. - Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well. - This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
* Don't support OpenLDAP during lib32 build.ume2011-12-061-1/+1
|
* - Make heimdal buildable with WITH_OPENLDAP defined, again.ume2011-12-052-4/+4
| | | | - Our heimdal uses the deprecated OpenLDAP functions.
* Link with -ledit instead of -lreadline.fjoe2011-11-292-4/+4
|
* - Add missing interdependencies to kerberos libraries. Some of thestas2011-09-2712-7/+33
| | | | | | | | | kerberos libraries were not linked properly (missing dependencies), which causes 3rd party applications linking to fail when --as-needed ld flag is used. I also added the --no-undefined ld(1) flag to make sure that there're no missing dependencies. MFC after: 3 days
* The kerberos5 tools are only used as build tools but not otherwise andmarius2011-06-251-1/+1
| | | | | | didn't get installed either. MFC after: 1 week
* Fix a typo.antoine2010-01-091-1/+1
| | | | MFC after: 1 month
* Fix a typo.antoine2010-01-091-1/+1
| | | | MFC after: 1 month
* Link GSS mechanics modules against libgssapi so they will not fail duebland2009-10-122-4/+4
| | | | | | | | unresolved symbol errors when in turn libgssapi was loaded with RTLD_LOCAL flag set (which is the default). Reviewed by: dfr, jhb MFC after: 3 days
* Disconnect closefrom.c as we have it as a system call.delphij2009-06-161-1/+0
|
* Now we have closefrom().delphij2009-06-151-1/+1
|
* Add strndup(3) prototype to string.h.kib2008-12-081-1/+1
| | | | | | | | | | | This change was erronously ommitted from the r185690, and attempt to simply add the prototype to string.h has revealed that several contributed programs defined local prototypes for strndup(), controlled by autoconfed config.h. So, manually change #undef HAVE_STRNDUP to #define HAVE_STRNDUP 1. Next import of the corresponding program would regenerate config.h, overriding the changes in this commit. No objections from: kan
* Add an implementation of the RPCSEC_GSS authentication protocol for RPC. Thisdfr2008-08-062-0/+60
| | | | | | | | is based on an old implementation from the University of Michigan with lots of changes and fixes by me and the addition of a Solaris-compatible API. Sponsored by: Isilon Systems Reviewed by: alfred
* Add roken.h to SRCS. This fixes the compilation of slc during amarius2008-06-181-0/+1
| | | | | buildworld on a host running a world built with WITHOUT_KERBEROS defined.
* Add the hx509 error table.dfr2008-05-151-0/+2
|
* Add manpage links to krb5_principal.3.dfr2008-05-111-0/+29
|
* Don't try to make links to manpages that no longer exist. Fixes installworlddfr2008-05-111-6/+0
| | | | Submitted by: phk
* Update magic sed script for heimdal-1.1dfr2008-05-091-4/+7
|
* Update heimdal_version.dfr2008-05-081-2/+2
| | | | Pointed out by: antoine@
* Fix conflicts after heimdal-1.1 import and add build infrastructure. Importdfr2008-05-0743-292/+2114
| | | | all non-style changes made by heimdal to our own libgssapi.
* While checking over the libraries for 7.0-REL Kris found the followingkensmith2007-11-201-1/+1
| | | | | | | | | | | libraries had not had their versions bumped relative to 6.3-REL but had indeed been changed. We need to bump their version so they can be properly added to the compat6x port: libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8 libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2 MFC After: 1 day
* Remove _FREEFALL_CONFIG hackspeter2007-10-181-4/+1
|
* Fix generator glue to only expose extern struct units %s_units[] iskan2007-05-191-1/+6
| | | | | struct units defintition it known. The above construct is treated as an incorrect C by GCC 4.2 otherwise.
* Kerberos/Heimdal doesn't really depend on the INET6 macro.yar2006-07-281-1/+0
| | | | | | | | In the Heimdal distro, only kerberized telnet refers to INET6, but we don't build it, we use contrib/telnet linked with the Kerberos libs instead. Tested with: cmp(1)
* Bump library majro version for gethostbyaddr(3).ume2006-05-211-0/+1
|
* Reimplementation of world/kernel build options. For details, see:ru2006-03-171-5/+5
| | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
* NO_MAN is not needed here.ru2006-03-161-1/+0
|
* Add a new extensible GSS-API layer which can support GSS-API plugins,dfr2005-12-291-44/+6
| | | | | | | | | similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
* Apply the .PHONY attribute to the ../make*/make* targets. Thisru2005-11-101-2/+2
| | | | | | | causes them to be recreated (if needed) early, when doing "make depend" here, before generating headers that depend on them. This should fix breakages often seen while doing incremental (NO_CLEAN) cross-builds.
* Bump the shared library version number of all libraries that have notkensmith2005-07-221-1/+1
| | | | | | | been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
* This is sort of an MFS. Peter made these changes to the RELENG_*kensmith2005-07-071-1/+4
| | | | | | | | | | | | | | | | | | | branches but missed HEAD. This patch extends his a little bit, setting it up via the Makefiles so that adding _FREEFALL_CONFIG to /etc/make.conf is the only thing needed to cluster-ize things (current setup also requires overriding CFLAGS). From Peter's commit to the RELENG_* branches: > Add the freebsd.org custer's source modifications under #ifdefs to aid > keeping things in sync. For ksu: > * install suid-root by default > * don't fall back to asking for a unix password (ie: be pure kerberos) > * allow custom user instances for things like www and not just root The Makefile tweaks will be MFC-ed, the rest is already done. MFC after: 3 days Approved by: re (dwhite)
* Remove kludges intended to support src trees with partial obj trees.des2005-06-101-9/+0
| | | | Discussed with: ru
* Cope with the (unwise?) incompatible changes with make by addingimp2005-04-181-1/+1
| | | | a comment before defined(SRCS).
* Update Heimdal 0.6.1 -> 0.6.3.nectar2005-02-244-6/+7
|
* NODOCCOMPRESS -> NO_DOCCOMPRESSru2004-12-211-1/+1
| | | | | | | | NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
* Start the dreaded NOFOO -> NO_FOO conversion.ru2004-12-216-6/+6
| | | | OK'ed by: core
* Introduce the PRECIOUSPROG knob in bsd.prog.mk, similarru2004-11-031-1/+1
| | | | | | | | to PRECIOUSLIB from bsd.lib.mk. The side effect of this is making installing the world under jail(8) possible by using another knob, NOFSCHG. Reviewed by: oliver
* Join the 21st century: Cryptography is no longer an optional componentcperciva2004-08-061-1/+0
| | | | | | | | | | of releases. The -DNOCRYPT build option still exists for anyone who really wants to build non-cryptographic binaries, but the "crypto" release distribution is now part of "base", and anyone installing from a release will get cryptographic binaries. Approved by: re (scottl), markm Discussed on: freebsd-current, in late April 2004
* Update version strings for Heimdal: 0.6 -> 0.6.1nectar2004-04-133-6/+6
|
* Hookup `arcfour.c' to the build (missed during upgrade to heimdal 0.6.1).nectar2004-04-041-0/+1
|
* style.Makefile(5).ru2004-02-0530-920/+759
| | | | OK'ed by: nectar
* Try harder to pick up the correct print_version.c. The old versionru2004-02-051-4/+3
| | | | | | | | works before bsd.dep.mk,v 1.44, whether .depend file exists or not, but the contents of .depend file is wrong. With bsd.dep.mk,v 1.44, the contents of .depend file is always broken, and build without a .depend file is broken too. With this change it works reliably in all cases. Ugh.
* Unbreak build with OpenLDAP.ru2004-02-041-0/+2
| | | | Forgotten by: mr
* Put libraries in the link order.ru2004-02-049-24/+24
| | | | Reported by: lorder(1) (modified to work with libraries)
* Take signal.c out of sources.ru2004-02-031-1/+0
| | | | Reviewed by: nectar
* Put generated headers into SRCS so that we pick them up even ifru2004-02-032-1/+3
| | | | "make depend" was not run.
* asn1_compile needs roken.h.ru2004-02-012-2/+9
|
* Overhaul of kerberos5/ makefiles. Most significant changes are:ru2004-01-3137-647/+256
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Dropped support for standalone builds, this was only partially supported anyway, and required so much magic in makefiles that made life dangerous (e.g., by using the custom yacc rules). - Got rid of .OBJDIR in makefiles -- makes building of individual files possible again. - Made the .x.c transformations -j safe. - Reprogrammed LDADD to fix static build of some utilities that was broken. - Fixed LDFLAGS and DPADD in the WITH_OPENLDAP case -- positively affects the contents of .depend files. - Removed redundant .h's from SRCS, only kept those that are generated. - libkrb5/ INCS were bogusly installed again with libgssapi/. - Made build-tools real tools with their own makefiles in separate directories. This allows us to properly track their dependencies, etc. - Faster build, 21% less of makefile code! Approved by: nectar Reviewed by: markm Silence on: arch
OpenPOWER on IntegriCloud