notbugIf you buy from Amazon USA, please support us by using this link.
Port details
krb5-116 MIT implementation of RFC 4120 network authentication service
1.16.1_5 security on this many watch lists=0 search for ports that depend on this port Find issues related to this port Report an issue related to this port
Maintainer: search for ports maintained by this maintainer
Port Added: 06 Dec 2017 04:18:23
License: MIT
Kerberos V5 is an authentication system developed at MIT.

Abridged from the User Guide:
       Under Kerberos, a client sends a request for a ticket to the
   Key Distribution Center (KDC). The KDC creates a ticket-granting
   ticket (TGT) for the client, encrypts it using the client's
   password as the key, and sends the encrypted TGT back to the
   client. The client then attempts to decrypt the TGT, using
   its password. If the client successfully decrypts the TGT, it
   keeps the decrypted TGT, which indicates proof of the client's
   identity. The TGT permits the client to obtain additional tickets,
   which give permission for specific services.
       Since Kerberos negotiates authenticated, and optionally encrypted,
   communications between two points anywhere on the internet, it
   provides a layer of security that is not dependent on which side of a
   firewall either client is on.
       The Kerberos V5 package is designed to be easy to use. Most of the
   commands are nearly identical to UNIX network programs you are already
   used to. Kerberos V5 is a single-sign-on system, which means that you
   have to type your password only once per session, and Kerberos does
   the authenticating and encrypting transparently.

Jacques Vidrine <>
SVNWeb : Homepage : PortsMon
    Pseudo-pkg-plist information, but much better, from make generate-plist
    Expand this list (178 items)
  1. /usr/local/share/licenses/krb5-116-1.16.1_5/
  2. /usr/local/share/licenses/krb5-116-1.16.1_5/LICENSE
  3. /usr/local/share/licenses/krb5-116-1.16.1_5/MIT
  4. bin/compile_et
  5. bin/gss-client
  6. bin/k5srvutil
  7. bin/kadmin
  8. bin/kdestroy
  9. bin/kinit
  10. bin/klist
  11. bin/kpasswd
  12. bin/krb5-config
  13. @mode 04755
  14. @owner root
  15. @group wheel
  16. bin/ksu
  17. @mode
  18. @owner root
  19. @group wheel
  20. bin/kswitch
  21. bin/ktutil
  22. bin/kvno
  23. bin/sclient
  24. bin/sim_client
  25. bin/uuclient
  26. include/com_err.h
  27. include/gssapi.h
  28. include/gssapi/gssapi.h
  29. include/gssapi/gssapi_ext.h
  30. include/gssapi/gssapi_generic.h
  31. include/gssapi/gssapi_krb5.h
  32. include/gssapi/mechglue.h
  33. include/gssrpc/auth.h
  34. include/gssrpc/auth_gss.h
  35. include/gssrpc/auth_gssapi.h
  36. include/gssrpc/auth_unix.h
  37. include/gssrpc/clnt.h
  38. include/gssrpc/netdb.h
  39. include/gssrpc/pmap_clnt.h
  40. include/gssrpc/pmap_prot.h
  41. include/gssrpc/pmap_rmt.h
  42. include/gssrpc/rename.h
  43. include/gssrpc/rpc.h
  44. include/gssrpc/rpc_msg.h
  45. include/gssrpc/svc.h
  46. include/gssrpc/svc_auth.h
  47. include/gssrpc/types.h
  48. include/gssrpc/xdr.h
  49. include/krad.h
  50. include/krb5.h
  51. include/krb5/ccselect_plugin.h
  52. include/krb5/clpreauth_plugin.h
  53. include/krb5/hostrealm_plugin.h
  54. include/krb5/kadm5_hook_plugin.h
  55. include/krb5/kdcpolicy_plugin.h
  56. include/krb5/kdcpreauth_plugin.h
  57. include/krb5/localauth_plugin.h
  58. include/krb5/krb5.h
  59. include/krb5/locate_plugin.h
  60. include/krb5/plugin.h
  61. include/krb5/pwqual_plugin.h
  62. include/kadm5/admin.h
  63. include/kadm5/chpass_util_strings.h
  64. include/krb5/kadm5_auth_plugin.h
  65. include/kadm5/kadm_err.h
  66. include/kdb.h
  67. include/krb5/certauth_plugin.h
  68. include/krb5/preauth_plugin.h
  69. include/profile.h
  70. include/verto-module.h
  71. include/verto.h
  72. lib/
  73. lib/
  74. lib/
  75. lib/
  76. lib/
  77. lib/
  78. lib/
  79. lib/
  80. lib/
  81. lib/
  82. lib/
  83. lib/
  84. lib/
  85. lib/
  86. lib/
  87. lib/
  88. lib/
  89. lib/
  90. lib/
  91. lib/
  92. lib/
  93. lib/
  94. lib/
  95. lib/
  96. lib/
  97. lib/
  98. lib/
  99. lib/
  100. lib/
  101. lib/krb5/plugins/kdb/
  102. lib/krb5/plugins/tls/
  103. @comment lib/krb5/plugins/kdb/
  104. lib/krb5/plugins/preauth/
  105. lib/krb5/plugins/preauth/
  106. lib/krb5/plugins/preauth/
  107. @comment lib/
  108. @comment lib/
  109. @comment lib/
  110. lib/
  111. lib/
  112. lib/
  113. lib/
  114. lib/
  115. lib/
  116. libdata/pkgconfig/gssrpc.pc
  117. libdata/pkgconfig/kadm-client.pc
  118. libdata/pkgconfig/kadm-server.pc
  119. libdata/pkgconfig/kdb.pc
  120. libdata/pkgconfig/krb5-gssapi.pc
  121. libdata/pkgconfig/krb5.pc
  122. libdata/pkgconfig/mit-krb5-gssapi.pc
  123. libdata/pkgconfig/mit-krb5.pc
  124. man/man1/compile_et.1.gz
  125. man/man1/k5srvutil.1.gz
  126. man/man1/kadmin.1.gz
  127. man/man1/kdestroy.1.gz
  128. man/man1/kinit.1.gz
  129. man/man1/klist.1.gz
  130. man/man1/kpasswd.1.gz
  131. man/man1/krb5-config.1.gz
  132. man/man1/ksu.1.gz
  133. man/man1/kswitch.1.gz
  134. man/man1/ktutil.1.gz
  135. man/man1/kvno.1.gz
  136. man/man1/sclient.1.gz
  137. man/man3/com_err.3.gz
  138. man/man5/.k5identity.5.gz
  139. man/man5/.k5login.5.gz
  140. man/man5/k5identity.5.gz
  141. man/man5/k5login.5.gz
  142. man/man5/kadm5.acl.5.gz
  143. man/man5/kdc.conf.5.gz
  144. man/man5/krb5.conf.5.gz
  145. man/man8/kadmin.local.8.gz
  146. man/man8/kadmind.8.gz
  147. man/man8/kdb5_ldap_util.8.gz
  148. man/man8/kdb5_util.8.gz
  149. man/man8/kprop.8.gz
  150. man/man8/kpropd.8.gz
  151. man/man8/kproplog.8.gz
  152. man/man8/krb5kdc.8.gz
  153. man/man8/sserver.8.gz
  154. sbin/gss-server
  155. sbin/kadmin.local
  156. sbin/kadmind
  157. @comment sbin/kdb5_ldap_util
  158. sbin/kdb5_util
  159. sbin/kprop
  160. sbin/kpropd
  161. sbin/kproplog
  162. sbin/krb5-send-pr
  163. sbin/krb5kdc
  164. sbin/sim_server
  165. sbin/sserver
  166. sbin/uuserver
  167. share/et/et_c.awk
  168. share/et/et_h.awk
  169. share/locale/de/LC_MESSAGES/
  170. share/locale/en_US/LC_MESSAGES/
  171. @comment share/krb5/kerberos.schema
  172. @comment share/krb5/kerberos.ldif
  173. @dir lib/krb5/plugins/authdata
  174. @dir lib/krb5/plugins/libkrb5
  175. @dir var/run/krb5kdc
  176. @dir var/krb5kdc
  177. @postexec /usr/sbin/service ldconfig restart > /dev/null
  178. @postunexec /usr/sbin/service ldconfig restart > /dev/null
  179. Collapse this list.

To install the port: cd /usr/ports/security/krb5-116/ && make install clean
To add the package: pkg install krb5-116

PKGNAME: krb5-116


TIMESTAMP = 1525411805
SHA256 (krb5-1.16.1.tar.gz) = 214ffe394e3ad0c730564074ec44f1da119159d94281bbec541dc29168d21117
SIZE (krb5-1.16.1.tar.gz) = 9477480

Slave ports
  1. security/krb5

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. gmake : devel/gmake
  2. libtool : devel/libtool
  3. msgfmt : devel/gettext-tools
  4. perl5>=5.26<5.27 : lang/perl5.26
Runtime dependencies:
  1. pkgconf>=1.3.0_1 : devel/pkgconf
Library dependencies:
  1. : devel/gettext-runtime
  2. : devel/readline
There are no ports dependent upon this port

Configuration Options
===> The following configuration options are available for krb5-116-1.16.1_5:
     DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names
     EXAMPLES=on: Build and/or install examples
     KRB5_HTML=on: Install krb5 HTML documentation
     KRB5_PDF=on: Install krb5 PDF documentation
     LDAP=off: LDAP protocol support
     NLS=on: Native Language Support
====> Command line editing for kadmin and ktutil: you can only select none or one of them
     READLINE=on: Command line editing via libreadline
     READLINE_PORT=off: Command line editing via devel/readline
     LIBEDIT=off: Command line editing via libedit
===> Use 'make config' to modify these settings

cpe gmake localbase perl5 libtool:build  gssapi:bootstrap,mit pkgconfig:run ssl  gettext-runtime gettext readline

    • heimdal-[0-9]*
    • srp-[0-9]*
    • krb5-11[34]-[0-9]*
    • krb5-1.[0-9]*
    • krb5-devel-*
    • boringssl-*
Master Sites:

Number of commits found: 13

Commit History - (may be incomplete: see SVNWeb link above for full details)
02 Jul 2018 05:57:38
Original commit files touched by this commit  1.16.1_5
cy search for other commits by this committer
While working the ports fallout due to making Hemidal in base
private it was discovered that com_err.3, though distributed in
the tarball, was not installed. Install it.
02 Jul 2018 05:57:27
Original commit files touched by this commit  1.16.1_4
cy search for other commits by this committer
Sort man pages.
19 Jun 2018 13:38:35
Original commit files touched by this commit  1.16.1_4
cy search for other commits by this committer
Revert r472760 and instead use upstream git commit
beeb2828945a41d86488e391ce440bacee0ec committed to the krb5
development branch Saturday, June 16. The upstream commit
message follows:

  Author: Thomas Sondergaard <>
  Date:   Sat Jun 16 18:14:50 2018 +0200

     Eliminate use of the 'register' keyword

     'register' is a reserved and unused keyword in C++17 so having it
     present in the public headers presents a a compatibility issue. Also
     in C the 'register' keyword is mostly obsolete, so remove all uses of

     [ adjusted style of some of the affected lines]
19 Jun 2018 06:51:56
Original commit files touched by this commit  1.16.1_3
cy search for other commits by this committer
While working on the ports fallout due to the private Heimdal in base
project, a port (www/squid-devel) was discovered to be grumpy due to
numerous errors such as below:

/usr/local/include/krb5/krb5.h:3566:19: error: 'register' storage class
specifier is deprecated and incompatible with C++17
                  register char **name);

The "register" keyword is meaningless and can cause grief among ports
that build against any of the krb5 ports.
13 Jun 2018 05:55:52
Original commit files touched by this commit  1.16.1_2
cy search for other commits by this committer
MIT krb5 fails to build with boringssl installed due to a missing
typedef for PKCS7 in the boringssl pkcs7.h.
13 Jun 2018 05:44:58
Original commit files touched by this commit  1.16.1_2
cy search for other commits by this committer
Fix build with libressl and bearssl.

PR:		228970
12 Jun 2018 03:42:18
Original commit files touched by this commit  1.16.1_1
cy search for other commits by this committer
Fix logic from patch supplied in PR 217027, committed in
r433966 and r433967.

PR:		228900
04 May 2018 06:18:44
Original commit files touched by this commit  1.16.1
cy search for other commits by this committer
Update 1.16 --> 1.16.1

Major changes in 1.16.1 (2018-05-03)

This is a bug fix release.

* Fix flaws in LDAP DN checking, including a null dereference KDC
  crash which could be triggered by kadmin clients with administrative
  privileges [CVE-2018-5729, CVE-2018-5730].

* Fix a KDC PKINIT memory leak.

* Fix a small KDC memory leak on transited or authdata errors when
  processing TGS requests.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
29 Mar 2018 14:53:24
Original commit files touched by this commit  1.16_1
mat search for other commits by this committer
Mark some ports broken with openssl-devel.

Sponsored by:	Absolight
02 Feb 2018 06:50:25
Original commit files touched by this commit  1.16_1
cy search for other commits by this committer
Fix build when NLS option is unchecked.

Reported by:	Geraud CONTINSOUZAS <>
11 Jan 2018 16:24:53
Original commit files touched by this commit  1.16
danfe search for other commits by this committer
Remove superfluous linefeeds.
10 Jan 2018 15:08:51
Original commit files touched by this commit  1.16
danfe search for other commits by this committer
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files which are not actually manual pages.
06 Dec 2017 04:18:14
Original commit files touched by this commit  1.16
cy search for other commits by this committer
Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.

Major changes in 1.16 (2017-12-05)

Administrator experience:

* The KDC can match PKINIT client certificates against the
  "pkinit_cert_match" string attribute on the client principal entry,
  using the same syntax as the existing "pkinit_cert_match" profile

* The ktutil addent command supports the "-k 0" option to ignore the
  key version, and the "-s" option to use a non-default salt string.
(Only the first 15 lines of the commit message are shown above View all of this commit message)

Number of commits found: 13

User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
libsshOct 17
libgit2Oct 15
giteaOct 11
jenkinsOct 11
jenkins-ltsOct 11
toxOct 11
tincOct 09
tinc-develOct 09
gitlab-ceOct 05
clamavOct 03
py-django21Oct 03
firefoxOct 02
firefox-esrOct 02
libxulOct 02
linux-firefoxOct 02

9 vulnerabilities affecting 37 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2018-10-17 16:55:06

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 35651
Broken 62
Deprecated 513
Ignore 343
Forbidden 3
Restricted 162
Vulnerable 34
Expired 4
Set to expire 486
Interactive 0
new 24 hours 15
new 48 hours20
new 7 days35
new fortnight132
new month232

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2018 Dan Langille. All rights reserved.