Port details |
- krb5-120 MIT implementation of RFC 4120 network authentication service
- 1.20.2 security
=0 1.20.2Version of this port present on the latest quarterly branch. - Maintainer: cy@FreeBSD.org
 - Port Added: 2022-05-27 13:48:19
- Last Update: 2023-08-09 23:43:03
- Commit Hash: e89f841
- License: MIT
- Description:
- Kerberos V5 is an authentication system developed at MIT.
Abridged from the User Guide:
Under Kerberos, a client sends a request for a ticket to the
Key Distribution Center (KDC). The KDC creates a ticket-granting
ticket (TGT) for the client, encrypts it using the client's
password as the key, and sends the encrypted TGT back to the
client. The client then attempts to decrypt the TGT, using
its password. If the client successfully decrypts the TGT, it
keeps the decrypted TGT, which indicates proof of the client's
identity. The TGT permits the client to obtain additional tickets,
which give permission for specific services.
Since Kerberos negotiates authenticated, and optionally encrypted,
communications between two points anywhere on the internet, it
provides a layer of security that is not dependent on which side of a
firewall either client is on.
The Kerberos V5 package is designed to be easy to use. Most of the
commands are nearly identical to UNIX network programs you are already
used to. Kerberos V5 is a single-sign-on system, which means that you
have to type your password only once per session, and Kerberos does
the authenticating and encrypting transparently.
Jacques Vidrine <n@nectar.com>
¦ ¦ ¦ ¦ 
- pkg-plist: as obtained via:
make generate-plist - Dependency lines:
-
- krb5-120>0:security/krb5-120
- Conflicts:
- CONFLICTS:
- heimdal
- krb5
- krb5-11*
- krb5-121
- CONFLICTS_BUILD:
- Conflicts Matches:
-
There are no Conflicts Matches for this port. This is usually an error.
- To install the port:
- cd /usr/ports/security/krb5-120/ && make install clean
- To add the package, run one of these commands:
- pkg install security/krb5-120
- pkg install krb5-120
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: krb5-120
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1688790054
SHA256 (krb5-1.20.2.tar.gz) = 7d8d687d42aed350c2525cb69a4fc3aa791694da6761dccc1c42c2ee7796b5dd
SIZE (krb5-1.20.2.tar.gz) = 8662259
Packages (timestamps in pop-ups are UTC):
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- gmake>=4.3 : devel/gmake
- gettext-runtime>=0.22_1 : devel/gettext-runtime
- libtool : devel/libtool
- pkgconf>=1.3.0_1 : devel/pkgconf
- msgfmt : devel/gettext-tools
- autoconf>=2.71 : devel/autoconf
- automake>=1.16.5 : devel/automake
- perl5>=5.34<5.35 : lang/perl5.34
- Library dependencies:
-
- libintl.so : devel/gettext-runtime
- libreadline.so.8 : devel/readline
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for krb5-120-1.20.2:
DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names
EXAMPLES=on: Build and/or install examples
KRB5_HTML=on: Install krb5 HTML documentation
KRB5_PDF=on: Install krb5 PDF documentation
LDAP=off: LDAP protocol support
LMDB=off: OpenLDAP Lightning Memory-Mapped Database support
NLS=on: Native Language Support
====> Command line editing for kadmin and ktutil: you can only select none or one of them
READLINE=on: Command line editing via libreadline
LIBEDIT=off: Command line editing via libedit
LIBEDIT_BASE=off: Use libedit in FreeBSD base
===> Use 'make config' to modify these settings
- Options name:
- security_krb5-120
- USES:
- autoreconf compiler:c++11-lang cpe gmake gettext-runtime gssapi:bootstrap,mit libtool:build localbase perl5 pkgconfig ssl gettext readline
- FreshPorts was unable to extract/find any pkg message
- Master Sites:
|
Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.20.2 09 Aug 2023 23:43:03
    |
Cy Schubert (cy)  |
security/krb5: Support libedit in base
Even though libedit is in base FreeBSD, the krb5 ports still depend
on devel/libedit when the LIBEDIT option is selected. This is because
./configure uses pkgconf to determine if libedit exists, ignoring
libedit in FreeBSD base. This patch adds a new LIBEDIT_BASE option
which enables LIBEDIT (LIBEDIT_BASE) without installing the
devel/libedit port.
The GNU READLINE option will remain the default for now but it is
planned to switch the default to LIBEDIT_BASE at some point. This is
to reduce the dependency on GNU software and to bring it more into
line with the planned MIT KRB5 import into FreeBSD base. |
1.20.2 09 Aug 2023 23:24:40
    |
Cy Schubert (cy)  |
security/krb5*: Disable NLS when option is deselected
When the NLS option is deselected, ./configure reverts to
enable_nls=check. As some prerequisites do require NLS, NLS is
always enabled even when deslected. This ensures that when NLS
is not wanted, that it is not used, regardless of its install status. |
1.20.2 08 Jul 2023 04:30:18
    |
Cy Schubert (cy)  |
security/krb5-120: Update to 1.20.2
MFH: 2023Q3 |
1.20.1 06 Jun 2023 18:35:41
    |
Cy Schubert (cy)  |
security/krb5-*: Adjust conflicts
With the import of security/krb5-121, adjust conflicts of all krb5 ports. |
1.20.1 08 Feb 2023 10:53:56
    |
Muhammad Moinur Rahman (bofh)  |
Mk/**ldap.mk: Convert USE_LDAP to USES=ldap
Convert the USE_LDAP=yes to USES=ldap and adds the following features:
- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features
Reviewed by: delphij
Approved by: portmgr
Differential Revision: https://reviews.freebsd.org/D38233 |
1.20.1 15 Nov 2022 17:19:00
    |
Cy Schubert (cy)  |
security/krb5-120: Update to 1.20.1
MFH: 2022Q4
Security: CVE-2022-42898 |
1.20_1 15 Nov 2022 16:37:02
    |
Cy Schubert (cy)  |
security/krb5-*: Address CVE-2022-42898
Topic: Vulnerabilities in PAC parsing
CVE-2022-42898: integer overflow vulnerabilities in PAC parsing
SUMMARY
=======
Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().
IMPACT
======
(Only the first 15 lines of the commit message are shown above ) |
1.20 30 Oct 2022 15:43:23
    |
Felix Palmen (zirias)  |
security/krb5-120: Fix build with libressl 3.5
Approved by: cy (maintainer), tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D37046 |
1.20 09 Sep 2022 15:19:05
    |
Cy Schubert (cy)  |
security/krb5-*: Bring CONFLICTS up to current status
Clean up CONFLICTS bitrot.
MFH: 2022Q3 |
1.20 08 Sep 2022 15:46:38
    |
Stefan Eßer (se)  |
Remove WWW lines that have been moved into Makefiles
Approved by: portmgr (implicit) |
1.20 08 Sep 2022 15:43:21
    |
Stefan Eßer (se)  |
Move more WWW entries from pkg-descr files into Makefiles
The WWW: lines in the pkg-descr files of these ports where not at the
end of those files and have been missed in prior conversion runs.
Approved by: portmgr (implicit) |
1.20 20 Jul 2022 14:22:56
    |
Tobias C. Berner (tcberner)  |
security: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Adam Weinberger <adamw@FreeBSD.org>
* Ade Lovett <ade@FreeBSD.org>
* Aldis Berjoza <aldis@bsdroot.lv>
* Alex Dupre <ale@FreeBSD.org>
* Alex Kapranoff <kappa@rambler-co.ru>
* Alex Samorukov <samm@freebsd.org>
* Alexander Botero-Lowry <alex@foxybanana.com>
* Alexander Kriventsov <avk@vl.ru>
* Alexander Leidinger <netchild@FreeBSD.org> (Only the first 15 lines of the commit message are shown above ) |
1.20 16 Jun 2022 19:49:54
    |
Cy Schubert (cy)  |
security/krb5-120: MIT KRB5 1.20 does not support LibreSSL
MIT KRB5 does not support LibreSSL and requires a function only
found in OpenSSL. Therefore mark libressl and libressl-devel IGNORE.
pkinit_crypto_openssl.c:334:14: error: implicit declaration of function
'EVP_PKEY_param_check' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
result = EVP_PKEY_param_check(ctx);
EVP_PKEY_param_check(), an OpenSSL function, is not supported by LibreSSL. |
1.20 27 May 2022 13:45:07
    |
Cy Schubert (cy)  |
security/krb5-120: Welcome new krb5 1.20
Welcome the new krb5-120 (1.20) from MIT.
krb5-118 is now deprecated and scheduled for removal a year from
now. |