diff options
28 files changed, 492 insertions, 8 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5-16/Makefile +++ b/security/krb5-16/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5-16/files/README.FreeBSD b/security/krb5-16/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-16/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-16/files/patch-appl::bsd::Makefile.in b/security/krb5-16/files/patch-appl::bsd::Makefile.in new file mode 100644 index 000000000000..603c399a287f --- /dev/null +++ b/security/krb5-16/files/patch-appl::bsd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 +@@ -28,7 +28,7 @@ + -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" + + DEFINES = $(RSH) $(BSD) $(RPROGS) \ +- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" ++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" + + all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) + diff --git a/security/krb5-16/files/patch-appl::bsd::klogind.M b/security/krb5-16/files/patch-appl::bsd::klogind.M new file mode 100644 index 000000000000..1523c3d593df --- /dev/null +++ b/security/krb5-16/files/patch-appl::bsd::klogind.M @@ -0,0 +1,34 @@ +--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 +@@ -14,6 +14,7 @@ + ] + [ + [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ] ++[\fB\-L\fP \fIloginpath\fP] + .SH DESCRIPTION + .I Klogind + is the server for the +@@ -107,6 +108,10 @@ + Beta5 (May 1995)--present bogus checksums that prevent Kerberos + authentication from succeeding in the default mode. + ++.IP \fB\-L\ loginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. ++ + + .PP + If the +@@ -157,12 +162,6 @@ + + .IP \fB\-M\ realm\fP + Set the Kerberos realm to use. +- +-.IP \fB\-L\ login\fP +-Set the login program to use. This option only has an effect if +-DO_NOT_USE_K_LOGIN was not defined when +-.I klogind +-was compiled. + .SH DIAGNOSTICS + All diagnostic messages are returned on the connection + associated with the diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in new file mode 100644 index 000000000000..cb5a0e26d49d --- /dev/null +++ b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 +@@ -24,7 +24,7 @@ + # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 + # + +-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN ++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" + OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON + LOCALINCLUDES=-I.. -I$(srcdir)/.. + DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 new file mode 100644 index 000000000000..951ee0d5692a --- /dev/null +++ b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 @@ -0,0 +1,22 @@ +--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 +@@ -43,7 +43,7 @@ + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] + [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] + [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] +-[\fB\-debug\fP [\fIport\fP]] ++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] + .SH DESCRIPTION + The + .B telnetd +@@ -221,6 +221,10 @@ + in response to a + .SM DO TIMING-MARK) + for kludge linemode support. ++.TP ++\fB\-L\fP \fIloginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. + .TP + .B \-l + Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-16/pkg-plist b/security/krb5-16/pkg-plist index df48394c37cf..5170610a1b3d 100644 --- a/security/krb5-16/pkg-plist +++ b/security/krb5-16/pkg-plist @@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5-17/Makefile +++ b/security/krb5-17/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5-17/files/README.FreeBSD b/security/krb5-17/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-17/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-17/files/patch-appl::bsd::Makefile.in b/security/krb5-17/files/patch-appl::bsd::Makefile.in new file mode 100644 index 000000000000..603c399a287f --- /dev/null +++ b/security/krb5-17/files/patch-appl::bsd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 +@@ -28,7 +28,7 @@ + -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" + + DEFINES = $(RSH) $(BSD) $(RPROGS) \ +- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" ++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" + + all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) + diff --git a/security/krb5-17/files/patch-appl::bsd::klogind.M b/security/krb5-17/files/patch-appl::bsd::klogind.M new file mode 100644 index 000000000000..1523c3d593df --- /dev/null +++ b/security/krb5-17/files/patch-appl::bsd::klogind.M @@ -0,0 +1,34 @@ +--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 +@@ -14,6 +14,7 @@ + ] + [ + [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ] ++[\fB\-L\fP \fIloginpath\fP] + .SH DESCRIPTION + .I Klogind + is the server for the +@@ -107,6 +108,10 @@ + Beta5 (May 1995)--present bogus checksums that prevent Kerberos + authentication from succeeding in the default mode. + ++.IP \fB\-L\ loginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. ++ + + .PP + If the +@@ -157,12 +162,6 @@ + + .IP \fB\-M\ realm\fP + Set the Kerberos realm to use. +- +-.IP \fB\-L\ login\fP +-Set the login program to use. This option only has an effect if +-DO_NOT_USE_K_LOGIN was not defined when +-.I klogind +-was compiled. + .SH DIAGNOSTICS + All diagnostic messages are returned on the connection + associated with the diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in new file mode 100644 index 000000000000..cb5a0e26d49d --- /dev/null +++ b/security/krb5-17/files/patch-appl::telnet::telnetd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 +@@ -24,7 +24,7 @@ + # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 + # + +-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN ++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" + OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON + LOCALINCLUDES=-I.. -I$(srcdir)/.. + DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8 new file mode 100644 index 000000000000..951ee0d5692a --- /dev/null +++ b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.8 @@ -0,0 +1,22 @@ +--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 +@@ -43,7 +43,7 @@ + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] + [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] + [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] +-[\fB\-debug\fP [\fIport\fP]] ++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] + .SH DESCRIPTION + The + .B telnetd +@@ -221,6 +221,10 @@ + in response to a + .SM DO TIMING-MARK) + for kludge linemode support. ++.TP ++\fB\-L\fP \fIloginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. + .TP + .B \-l + Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-17/pkg-plist b/security/krb5-17/pkg-plist index df48394c37cf..5170610a1b3d 100644 --- a/security/krb5-17/pkg-plist +++ b/security/krb5-17/pkg-plist @@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5-appl/Makefile +++ b/security/krb5-appl/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5-appl/files/README.FreeBSD b/security/krb5-appl/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-appl/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-appl/files/patch-appl::bsd::Makefile.in b/security/krb5-appl/files/patch-appl::bsd::Makefile.in new file mode 100644 index 000000000000..603c399a287f --- /dev/null +++ b/security/krb5-appl/files/patch-appl::bsd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 +@@ -28,7 +28,7 @@ + -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" + + DEFINES = $(RSH) $(BSD) $(RPROGS) \ +- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" ++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" + + all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) + diff --git a/security/krb5-appl/files/patch-appl::bsd::klogind.M b/security/krb5-appl/files/patch-appl::bsd::klogind.M new file mode 100644 index 000000000000..1523c3d593df --- /dev/null +++ b/security/krb5-appl/files/patch-appl::bsd::klogind.M @@ -0,0 +1,34 @@ +--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 +@@ -14,6 +14,7 @@ + ] + [ + [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ] ++[\fB\-L\fP \fIloginpath\fP] + .SH DESCRIPTION + .I Klogind + is the server for the +@@ -107,6 +108,10 @@ + Beta5 (May 1995)--present bogus checksums that prevent Kerberos + authentication from succeeding in the default mode. + ++.IP \fB\-L\ loginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. ++ + + .PP + If the +@@ -157,12 +162,6 @@ + + .IP \fB\-M\ realm\fP + Set the Kerberos realm to use. +- +-.IP \fB\-L\ login\fP +-Set the login program to use. This option only has an effect if +-DO_NOT_USE_K_LOGIN was not defined when +-.I klogind +-was compiled. + .SH DIAGNOSTICS + All diagnostic messages are returned on the connection + associated with the diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in new file mode 100644 index 000000000000..cb5a0e26d49d --- /dev/null +++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 +@@ -24,7 +24,7 @@ + # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 + # + +-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN ++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" + OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON + LOCALINCLUDES=-I.. -I$(srcdir)/.. + DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8 new file mode 100644 index 000000000000..951ee0d5692a --- /dev/null +++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.8 @@ -0,0 +1,22 @@ +--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 +@@ -43,7 +43,7 @@ + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] + [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] + [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] +-[\fB\-debug\fP [\fIport\fP]] ++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] + .SH DESCRIPTION + The + .B telnetd +@@ -221,6 +221,10 @@ + in response to a + .SM DO TIMING-MARK) + for kludge linemode support. ++.TP ++\fB\-L\fP \fIloginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. + .TP + .B \-l + Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-appl/pkg-plist b/security/krb5-appl/pkg-plist index df48394c37cf..5170610a1b3d 100644 --- a/security/krb5-appl/pkg-plist +++ b/security/krb5-appl/pkg-plist @@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html diff --git a/security/krb5/Makefile b/security/krb5/Makefile index 7fac84161a4a..3a0bf189ab7f 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -7,11 +7,11 @@ PORTNAME= krb5 PORTVERSION= 1.2.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= # manual download -MAINTAINER= Cy.Schubert@uumail.gov.bc.ca +MAINTAINER= cy@FreeBSD.org BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 @@ -113,5 +113,15 @@ post-install: ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} ${RM} ${TMPPLIST}.new .endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" .include <bsd.port.post.mk> diff --git a/security/krb5/files/README.FreeBSD b/security/krb5/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5/files/patch-appl::bsd::Makefile.in b/security/krb5/files/patch-appl::bsd::Makefile.in new file mode 100644 index 000000000000..603c399a287f --- /dev/null +++ b/security/krb5/files/patch-appl::bsd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 +@@ -28,7 +28,7 @@ + -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" + + DEFINES = $(RSH) $(BSD) $(RPROGS) \ +- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" ++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" + + all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) + diff --git a/security/krb5/files/patch-appl::bsd::klogind.M b/security/krb5/files/patch-appl::bsd::klogind.M new file mode 100644 index 000000000000..1523c3d593df --- /dev/null +++ b/security/krb5/files/patch-appl::bsd::klogind.M @@ -0,0 +1,34 @@ +--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 +@@ -14,6 +14,7 @@ + ] + [ + [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ] ++[\fB\-L\fP \fIloginpath\fP] + .SH DESCRIPTION + .I Klogind + is the server for the +@@ -107,6 +108,10 @@ + Beta5 (May 1995)--present bogus checksums that prevent Kerberos + authentication from succeeding in the default mode. + ++.IP \fB\-L\ loginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. ++ + + .PP + If the +@@ -157,12 +162,6 @@ + + .IP \fB\-M\ realm\fP + Set the Kerberos realm to use. +- +-.IP \fB\-L\ login\fP +-Set the login program to use. This option only has an effect if +-DO_NOT_USE_K_LOGIN was not defined when +-.I klogind +-was compiled. + .SH DIAGNOSTICS + All diagnostic messages are returned on the connection + associated with the diff --git a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in new file mode 100644 index 000000000000..cb5a0e26d49d --- /dev/null +++ b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 +@@ -24,7 +24,7 @@ + # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 + # + +-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN ++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" + OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON + LOCALINCLUDES=-I.. -I$(srcdir)/.. + DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 new file mode 100644 index 000000000000..951ee0d5692a --- /dev/null +++ b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 @@ -0,0 +1,22 @@ +--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 +@@ -43,7 +43,7 @@ + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] + [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] + [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] +-[\fB\-debug\fP [\fIport\fP]] ++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] + .SH DESCRIPTION + The + .B telnetd +@@ -221,6 +221,10 @@ + in response to a + .SM DO TIMING-MARK) + for kludge linemode support. ++.TP ++\fB\-L\fP \fIloginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. + .TP + .B \-l + Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist index df48394c37cf..5170610a1b3d 100644 --- a/security/krb5/pkg-plist +++ b/security/krb5/pkg-plist @@ -102,6 +102,7 @@ sbin/sserver sbin/telnetd sbin/uuserver sbin/v5passwdd +share/doc/krb5/README.FreeBSD share/doc/krb5/admin.html share/doc/krb5/admin_foot.html share/doc/krb5/admin_toc.html |