aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2002-01-08 23:05:08 +0800
committercy <cy@FreeBSD.org>2002-01-08 23:05:08 +0800
commit151e97c825fd466356f70a66b8ab60294e5d29b1 (patch)
tree163a39f1d2d09d16911fe6c504ccf3e2dc4eb48b /security
parentd5da3276f7ff822e6d897e2225a1d24d3218dfc2 (diff)
downloadfreebsd-ports-gnome-151e97c825fd466356f70a66b8ab60294e5d29b1.tar.gz
freebsd-ports-gnome-151e97c825fd466356f70a66b8ab60294e5d29b1.tar.zst
freebsd-ports-gnome-151e97c825fd466356f70a66b8ab60294e5d29b1.zip
In order to make the MIT KRB5 port compatible with FreeBSD, the port
now makes use of login.conf and login.access. This is performed by using FreeBSD login(1) instead of MIT KRB5 login.krb5(8). The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in the klogind and telnetd arguments in inetd.conf. This is documented in a new file called README.FreeBSD. Reviewed by: nectar
Diffstat (limited to 'security')
-rw-r--r--security/krb5-16/Makefile14
-rw-r--r--security/krb5-16/files/README.FreeBSD32
-rw-r--r--security/krb5-16/files/patch-appl::bsd::Makefile.in11
-rw-r--r--security/krb5-16/files/patch-appl::bsd::klogind.M34
-rw-r--r--security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in11
-rw-r--r--security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.822
-rw-r--r--security/krb5-16/pkg-plist1
-rw-r--r--security/krb5-17/Makefile14
-rw-r--r--security/krb5-17/files/README.FreeBSD32
-rw-r--r--security/krb5-17/files/patch-appl::bsd::Makefile.in11
-rw-r--r--security/krb5-17/files/patch-appl::bsd::klogind.M34
-rw-r--r--security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in11
-rw-r--r--security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.822
-rw-r--r--security/krb5-17/pkg-plist1
-rw-r--r--security/krb5-appl/Makefile14
-rw-r--r--security/krb5-appl/files/README.FreeBSD32
-rw-r--r--security/krb5-appl/files/patch-appl::bsd::Makefile.in11
-rw-r--r--security/krb5-appl/files/patch-appl::bsd::klogind.M34
-rw-r--r--security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in11
-rw-r--r--security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.822
-rw-r--r--security/krb5-appl/pkg-plist1
-rw-r--r--security/krb5/Makefile14
-rw-r--r--security/krb5/files/README.FreeBSD32
-rw-r--r--security/krb5/files/patch-appl::bsd::Makefile.in11
-rw-r--r--security/krb5/files/patch-appl::bsd::klogind.M34
-rw-r--r--security/krb5/files/patch-appl::telnet::telnetd::Makefile.in11
-rw-r--r--security/krb5/files/patch-appl::telnet::telnetd::telnetd.822
-rw-r--r--security/krb5/pkg-plist1
28 files changed, 492 insertions, 8 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile
index 7fac84161a4a..3a0bf189ab7f 100644
--- a/security/krb5-16/Makefile
+++ b/security/krb5-16/Makefile
@@ -7,11 +7,11 @@
PORTNAME= krb5
PORTVERSION= 1.2.2
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= # manual download
-MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+MAINTAINER= cy@FreeBSD.org
BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4
@@ -113,5 +113,15 @@ post-install:
${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST}
${RM} ${TMPPLIST}.new
.endif
+ @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${ECHO} "------------------------------------------------------"
+ @${ECHO} "This port of MIT Kerberos 5 includes remote login "
+ @${ECHO} "daemons (telnetd and klogind). These daemons default "
+ @${ECHO} "to using the system login program (/usr/bin/login). "
+ @${ECHO} "Please see the file "
+ @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD"
+ @${ECHO} "for more information. "
+ @${ECHO} "------------------------------------------------------"
.include <bsd.port.post.mk>
diff --git a/security/krb5-16/files/README.FreeBSD b/security/krb5-16/files/README.FreeBSD
new file mode 100644
index 000000000000..e888e689eb04
--- /dev/null
+++ b/security/krb5-16/files/README.FreeBSD
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-16/files/patch-appl::bsd::Makefile.in b/security/krb5-16/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-16/files/patch-appl::bsd::klogind.M b/security/krb5-16/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-16/pkg-plist b/security/krb5-16/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-16/pkg-plist
+++ b/security/krb5-16/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver
sbin/telnetd
sbin/uuserver
sbin/v5passwdd
+share/doc/krb5/README.FreeBSD
share/doc/krb5/admin.html
share/doc/krb5/admin_foot.html
share/doc/krb5/admin_toc.html
diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile
index 7fac84161a4a..3a0bf189ab7f 100644
--- a/security/krb5-17/Makefile
+++ b/security/krb5-17/Makefile
@@ -7,11 +7,11 @@
PORTNAME= krb5
PORTVERSION= 1.2.2
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= # manual download
-MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+MAINTAINER= cy@FreeBSD.org
BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4
@@ -113,5 +113,15 @@ post-install:
${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST}
${RM} ${TMPPLIST}.new
.endif
+ @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${ECHO} "------------------------------------------------------"
+ @${ECHO} "This port of MIT Kerberos 5 includes remote login "
+ @${ECHO} "daemons (telnetd and klogind). These daemons default "
+ @${ECHO} "to using the system login program (/usr/bin/login). "
+ @${ECHO} "Please see the file "
+ @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD"
+ @${ECHO} "for more information. "
+ @${ECHO} "------------------------------------------------------"
.include <bsd.port.post.mk>
diff --git a/security/krb5-17/files/README.FreeBSD b/security/krb5-17/files/README.FreeBSD
new file mode 100644
index 000000000000..e888e689eb04
--- /dev/null
+++ b/security/krb5-17/files/README.FreeBSD
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-17/files/patch-appl::bsd::Makefile.in b/security/krb5-17/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-17/files/patch-appl::bsd::klogind.M b/security/krb5-17/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-17/pkg-plist b/security/krb5-17/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-17/pkg-plist
+++ b/security/krb5-17/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver
sbin/telnetd
sbin/uuserver
sbin/v5passwdd
+share/doc/krb5/README.FreeBSD
share/doc/krb5/admin.html
share/doc/krb5/admin_foot.html
share/doc/krb5/admin_toc.html
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index 7fac84161a4a..3a0bf189ab7f 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -7,11 +7,11 @@
PORTNAME= krb5
PORTVERSION= 1.2.2
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= # manual download
-MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+MAINTAINER= cy@FreeBSD.org
BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4
@@ -113,5 +113,15 @@ post-install:
${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST}
${RM} ${TMPPLIST}.new
.endif
+ @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${ECHO} "------------------------------------------------------"
+ @${ECHO} "This port of MIT Kerberos 5 includes remote login "
+ @${ECHO} "daemons (telnetd and klogind). These daemons default "
+ @${ECHO} "to using the system login program (/usr/bin/login). "
+ @${ECHO} "Please see the file "
+ @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD"
+ @${ECHO} "for more information. "
+ @${ECHO} "------------------------------------------------------"
.include <bsd.port.post.mk>
diff --git a/security/krb5-appl/files/README.FreeBSD b/security/krb5-appl/files/README.FreeBSD
new file mode 100644
index 000000000000..e888e689eb04
--- /dev/null
+++ b/security/krb5-appl/files/README.FreeBSD
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-appl/files/patch-appl::bsd::Makefile.in b/security/krb5-appl/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-appl/files/patch-appl::bsd::klogind.M b/security/krb5-appl/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-appl/pkg-plist b/security/krb5-appl/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-appl/pkg-plist
+++ b/security/krb5-appl/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver
sbin/telnetd
sbin/uuserver
sbin/v5passwdd
+share/doc/krb5/README.FreeBSD
share/doc/krb5/admin.html
share/doc/krb5/admin_foot.html
share/doc/krb5/admin_toc.html
diff --git a/security/krb5/Makefile b/security/krb5/Makefile
index 7fac84161a4a..3a0bf189ab7f 100644
--- a/security/krb5/Makefile
+++ b/security/krb5/Makefile
@@ -7,11 +7,11 @@
PORTNAME= krb5
PORTVERSION= 1.2.2
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= # manual download
-MAINTAINER= Cy.Schubert@uumail.gov.bc.ca
+MAINTAINER= cy@FreeBSD.org
BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4
@@ -113,5 +113,15 @@ post-install:
${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST}
${RM} ${TMPPLIST}.new
.endif
+ @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${ECHO} "------------------------------------------------------"
+ @${ECHO} "This port of MIT Kerberos 5 includes remote login "
+ @${ECHO} "daemons (telnetd and klogind). These daemons default "
+ @${ECHO} "to using the system login program (/usr/bin/login). "
+ @${ECHO} "Please see the file "
+ @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD"
+ @${ECHO} "for more information. "
+ @${ECHO} "------------------------------------------------------"
.include <bsd.port.post.mk>
diff --git a/security/krb5/files/README.FreeBSD b/security/krb5/files/README.FreeBSD
new file mode 100644
index 000000000000..e888e689eb04
--- /dev/null
+++ b/security/krb5/files/README.FreeBSD
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5/files/patch-appl::bsd::Makefile.in b/security/krb5/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5/files/patch-appl::bsd::klogind.M b/security/krb5/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5/pkg-plist
+++ b/security/krb5/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver
sbin/telnetd
sbin/uuserver
sbin/v5passwdd
+share/doc/krb5/README.FreeBSD
share/doc/krb5/admin.html
share/doc/krb5/admin_foot.html
share/doc/krb5/admin_toc.html