From: "b. f."
Reply-To: bf1783@gmail.com
Date: Sun, 6 Jun 2010 20:15:33 +0000
To: Doug Barton
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org, Lyndon Nerenberg, Garrett Wollman
Subject: Re: Our aging base system krb5 [heimdal]

> I would love for it to go away entirely, and those base-system
> components that depend on it to learn how to use either Kerberos
> implementation from ports. (I'd also love for the ancient and broken
> base version of libcom_err to go away -- there's no knob to turn it
> off, and the shared library conflicts with ports/krb5.)

I think that would please a lot of people -- but is the project still committed to having a Kerberos implementation as one of a few important applications in the base system, so that users don't have to rely upon ports? Would relegating it to ports mean that Kerberos would be disabled by default in base system utilities, so that the base system is self-hosting? What incompatibilities exist between the latest versions of the MIT Kerberos and Heimdal implementations? How does des@ feel about it, since libpam and openssh may have to be altered?

b.