7 files changed, 123 insertions, 2 deletions

diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile
index 7fac84161a4a..3a0bf189ab7f 100644
--- a/security/krb5-17/Makefile
+++ b/security/krb5-17/Makefile
@@ -7,11 +7,11 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.2.2
-PORTREVISION=		4
+PORTREVISION=		5
 CATEGORIES=		security
 MASTER_SITES=		# manual download
 
-MAINTAINER=		Cy.Schubert@uumail.gov.bc.ca
+MAINTAINER=		cy@FreeBSD.org
 
 BUILD_DEPENDS=		gm4:${PORTSDIR}/devel/m4
 
@@ -113,5 +113,15 @@ post-install:
 	${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST}
 	${RM} ${TMPPLIST}.new
 .endif
+	@${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD
+	@${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD
+	@${ECHO} "------------------------------------------------------"
+	@${ECHO} "This port of MIT Kerberos 5 includes remote login     "
+	@${ECHO} "daemons (telnetd and klogind).  These daemons default "
+	@${ECHO} "to using the system login program (/usr/bin/login).   "
+	@${ECHO} "Please see the file                                   "
+	@${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD"
+	@${ECHO} "for more information.                                 "
+	@${ECHO} "------------------------------------------------------"
 
 .include <bsd.port.post.mk>
diff --git a/security/krb5-17/files/README.FreeBSD b/security/krb5-17/files/README.FreeBSD
new file mode 100644
index 000000000000..e888e689eb04
--- /dev/null
+++ b/security/krb5-17/files/README.FreeBSD
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5.  However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD.  To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5.  The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console.  The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin	stream	tcp	nowait	root	${PREFIX}/sbin/klogind	klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin	stream	tcp	nowait	root	${PREFIX}/sbin/klogind	klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet	stream	tcp	nowait	root	${PREFIX}/sbin/telnetd	telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+	:cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+	:if=/etc/issue:\
+	:lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-17/files/patch-appl::bsd::Makefile.in b/security/krb5-17/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig	Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in	Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ 	-DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+ 
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+-	-DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++	-DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+ 
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+ 
diff --git a/security/krb5-17/files/patch-appl::bsd::klogind.M b/security/krb5-17/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig	Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M	Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the 
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+ 
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program.  Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+ 
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+ 
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use.  This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig	Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in	Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ #	@(#)Makefile.generic	5.5 (Berkeley) 3/1/91
+ #
+ 
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig	Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8	Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program.  Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode.  Tries to force clients to use line-at-a-time
diff --git a/security/krb5-17/pkg-plist b/security/krb5-17/pkg-plist
index df48394c37cf..5170610a1b3d 100644
--- a/security/krb5-17/pkg-plist
+++ b/security/krb5-17/pkg-plist
@@ -102,6 +102,7 @@ sbin/sserver
 sbin/telnetd
 sbin/uuserver
 sbin/v5passwdd
+share/doc/krb5/README.FreeBSD
 share/doc/krb5/admin.html
 share/doc/krb5/admin_foot.html
 share/doc/krb5/admin_toc.html