author | cy <cy@FreeBSD.org> | 2002-01-08 23:05:08 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2002-01-08 23:05:08 +0800 |
commit | 151e97c825fd466356f70a66b8ab60294e5d29b1 (patch) | |
tree | 163a39f1d2d09d16911fe6c504ccf3e2dc4eb48b /security | |
parent | d5da3276f7ff822e6d897e2225a1d24d3218dfc2 (diff) | |
In order to make the MIT KRB5 port compatible with FreeBSD, the port
now makes use of login.conf and login.access. This is performed by
using FreeBSD login(1) instead of MIT KRB5 login.krb5(8).
The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in
the klogind and telnetd arguments in inetd.conf. This is documented
in a new file called README.FreeBSD.
Reviewed by: nectar
Diffstat (limited to 'security')
28 files changed, 492 insertions, 8 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5-16/Makefile +++ b/security/krb5-16/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5-16/files/README.FreeBSD b/security/krb5-16/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-16/files/README.FreeBSD 
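Review bot: In the post-install hunk of security/krb5-16/Makefile, the added `${SED}` line reads `${FILESDIR}` (the directory) rather than `${FILESDIR}/README.FreeBSD`, so the installed README.FreeBSD cannot contain the intended text. The substitution also has no `g` flag, while the inetd.conf example lines in README.FreeBSD carry two `${PREFIX}` placeholders each, and the `\${PREFIX}` on the pattern side looks like it is expanded by make before sed sees it (worth verifying). Since this file is what tells administrators that telnetd and klogind now hand sessions to /usr/bin/login and that pam_krb5 is needed for Kerberos password authentication, I would write the line as `@${SED} 's%\$${PREFIX}%${PREFIX}%g' ${FILESDIR}/README.FreeBSD > ${PREFIX}/share/doc/krb5/README.FreeBSD`. The same line is added to security/krb5-17/Makefile, security/krb5-appl/Makefile and security/krb5/Makefile further down; post-install begins outside the hunk.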
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-16/files/patch-appl::bsd::Makefile.in b/security/krb5-16/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-16/files/patch-appl::bsd::klogind.M b/security/krb5-16/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-16/pkg-plist b/security/krb5-16/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-16/pkg-plist
+++ b/security/krb5-16/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5-17/Makefile +++ b/security/krb5-17/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5-17/files/README.FreeBSD b/security/krb5-17/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-17/files/README.FreeBSD 
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-17/files/patch-appl::bsd::Makefile.in b/security/krb5-17/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-17/files/patch-appl::bsd::klogind.M b/security/krb5-17/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-17/pkg-plist b/security/krb5-17/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-17/pkg-plist
+++ b/security/krb5-17/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5-appl/Makefile +++ b/security/krb5-appl/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5-appl/files/README.FreeBSD b/security/krb5-appl/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-appl/files/README.FreeBSD 
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-appl/files/patch-appl::bsd::Makefile.in b/security/krb5-appl/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-appl/files/patch-appl::bsd::klogind.M b/security/krb5-appl/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-appl/pkg-plist b/security/krb5-appl/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-appl/pkg-plist
+++ b/security/krb5-appl/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html diff --git a/security/krb5/Makefile b/security/krb5/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5/files/README.FreeBSD b/security/krb5/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5/files/README.FreeBSD 
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5/files/patch-appl::bsd::Makefile.in b/security/krb5/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5/files/patch-appl::bsd::klogind.M b/security/krb5/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5/pkg-plist
+++ b/security/krb5/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html |