notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
All times are UTC
Port details
krb5-120 MIT implementation of RFC 4120 network authentication service
1.20.2 security on this many watch lists=0 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 1.20.2Version of this port present on the latest quarterly branch.
Maintainer: search for ports maintained by this maintainer
Port Added: 2022-05-27 13:48:19
Last Update: 2023-08-09 23:43:03
Commit Hash: e89f841
License: MIT
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port
pkg-plist: as obtained via: make generate-plist
Expand this list (184 items)
Collapse this list.
  1. @ldconfig
  2. /usr/local/share/licenses/krb5-120-1.20.2/
  3. /usr/local/share/licenses/krb5-120-1.20.2/LICENSE
  4. /usr/local/share/licenses/krb5-120-1.20.2/MIT
  5. bin/compile_et
  6. bin/gss-client
  7. bin/k5srvutil
  8. bin/kadmin
  9. bin/kdestroy
  10. bin/kinit
  11. bin/klist
  12. bin/kpasswd
  13. bin/krb5-config
  14. @mode 04755
  15. @owner root
  16. @group wheel
  17. bin/ksu
  18. @mode
  19. @owner root
  20. @group wheel
  21. bin/kswitch
  22. bin/ktutil
  23. bin/kvno
  24. bin/sclient
  25. bin/sim_client
  26. bin/uuclient
  27. include/com_err.h
  28. include/gssapi.h
  29. include/gssapi/gssapi.h
  30. include/gssapi/gssapi_alloc.h
  31. include/gssapi/gssapi_ext.h
  32. include/gssapi/gssapi_generic.h
  33. include/gssapi/gssapi_krb5.h
  34. include/gssapi/mechglue.h
  35. include/gssrpc/auth.h
  36. include/gssrpc/auth_gss.h
  37. include/gssrpc/auth_gssapi.h
  38. include/gssrpc/auth_unix.h
  39. include/gssrpc/clnt.h
  40. include/gssrpc/netdb.h
  41. include/gssrpc/pmap_clnt.h
  42. include/gssrpc/pmap_prot.h
  43. include/gssrpc/pmap_rmt.h
  44. include/gssrpc/rename.h
  45. include/gssrpc/rpc.h
  46. include/gssrpc/rpc_msg.h
  47. include/gssrpc/svc.h
  48. include/gssrpc/svc_auth.h
  49. include/gssrpc/types.h
  50. include/gssrpc/xdr.h
  51. include/krad.h
  52. include/krb5.h
  53. include/krb5/ccselect_plugin.h
  54. include/krb5/clpreauth_plugin.h
  55. include/krb5/hostrealm_plugin.h
  56. include/krb5/kadm5_hook_plugin.h
  57. include/krb5/kdcpolicy_plugin.h
  58. include/krb5/kdcpreauth_plugin.h
  59. include/krb5/localauth_plugin.h
  60. include/krb5/krb5.h
  61. include/krb5/locate_plugin.h
  62. include/krb5/plugin.h
  63. include/krb5/pwqual_plugin.h
  64. include/kadm5/admin.h
  65. include/kadm5/chpass_util_strings.h
  66. include/krb5/kadm5_auth_plugin.h
  67. include/kadm5/kadm_err.h
  68. include/kdb.h
  69. include/krb5/certauth_plugin.h
  70. include/krb5/preauth_plugin.h
  71. include/profile.h
  72. include/verto-module.h
  73. include/verto.h
  74. lib/
  75. lib/
  76. lib/
  77. lib/
  78. lib/
  79. lib/
  80. lib/
  81. lib/
  82. lib/
  83. lib/
  84. lib/
  85. lib/
  86. lib/
  87. lib/
  88. lib/
  89. lib/
  90. lib/
  91. lib/
  92. lib/
  93. lib/
  94. lib/
  95. lib/
  96. lib/
  97. lib/
  98. lib/
  99. lib/
  100. lib/
  101. lib/
  102. lib/
  103. lib/krb5/plugins/kdb/
  104. @comment lib/krb5/plugins/kdb/
  105. lib/krb5/plugins/tls/
  106. @comment lib/krb5/plugins/kdb/
  107. lib/krb5/plugins/preauth/
  108. lib/krb5/plugins/preauth/
  109. lib/krb5/plugins/preauth/
  110. lib/krb5/plugins/preauth/
  111. @comment lib/
  112. @comment lib/
  113. @comment lib/
  114. lib/
  115. lib/
  116. lib/
  117. lib/
  118. lib/
  119. lib/
  120. libdata/pkgconfig/gssrpc.pc
  121. libdata/pkgconfig/kadm-client.pc
  122. libdata/pkgconfig/kadm-server.pc
  123. libdata/pkgconfig/kdb.pc
  124. libdata/pkgconfig/krb5-gssapi.pc
  125. libdata/pkgconfig/krb5.pc
  126. libdata/pkgconfig/mit-krb5-gssapi.pc
  127. libdata/pkgconfig/mit-krb5.pc
  128. man/man1/compile_et.1.gz
  129. man/man1/k5srvutil.1.gz
  130. man/man1/kadmin.1.gz
  131. man/man1/kdestroy.1.gz
  132. man/man1/kinit.1.gz
  133. man/man1/klist.1.gz
  134. man/man1/kpasswd.1.gz
  135. man/man1/krb5-config.1.gz
  136. man/man1/ksu.1.gz
  137. man/man1/kswitch.1.gz
  138. man/man1/ktutil.1.gz
  139. man/man1/kvno.1.gz
  140. man/man1/sclient.1.gz
  141. man/man5/.k5identity.5.gz
  142. man/man5/.k5login.5.gz
  143. man/man5/k5identity.5.gz
  144. man/man5/k5login.5.gz
  145. man/man5/kadm5.acl.5.gz
  146. man/man5/kdc.conf.5.gz
  147. man/man5/krb5.conf.5.gz
  148. man/man7/kerberos.7.gz
  149. man/man8/kadmin.local.8.gz
  150. man/man8/kadmind.8.gz
  151. man/man8/kdb5_ldap_util.8.gz
  152. man/man8/kdb5_util.8.gz
  153. man/man8/kprop.8.gz
  154. man/man8/kpropd.8.gz
  155. man/man8/kproplog.8.gz
  156. man/man8/krb5kdc.8.gz
  157. man/man8/sserver.8.gz
  158. sbin/gss-server
  159. sbin/kadmin.local
  160. sbin/kadmind
  161. @comment sbin/kdb5_ldap_util
  162. sbin/kdc
  163. sbin/kdb5_util
  164. sbin/kprop
  165. sbin/kpropd
  166. sbin/kproplog
  167. sbin/krb5-send-pr
  168. sbin/krb5kdc
  169. sbin/sim_server
  170. sbin/sserver
  171. sbin/uuserver
  172. share/et/et_c.awk
  173. share/et/et_h.awk
  174. share/locale/de/LC_MESSAGES/
  175. share/locale/en_US/LC_MESSAGES/
  176. @comment share/krb5/kerberos.schema
  177. @comment share/krb5/kerberos.ldif
  178. @dir lib/krb5/plugins/authdata
  179. @dir lib/krb5/plugins/libkrb5
  180. @dir var/run/krb5kdc
  181. @dir var/krb5kdc
  182. @owner
  183. @group
  184. @mode
Collapse this list.
Dependency lines:
  • krb5-120>0:security/krb5-120
  • heimdal
  • krb5
  • krb5-11*
  • krb5-121
  • boringssl
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port:
cd /usr/ports/security/krb5-120/ && make install clean
To add the package, run one of these commands:
  • pkg install security/krb5-120
  • pkg install krb5-120
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: krb5-120
Flavors: there is no flavor information for this port.

Packages (timestamps in pop-ups are UTC):
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.3 : devel/gmake
  2. gettext-runtime>=0.22_1 : devel/gettext-runtime
  3. libtool : devel/libtool
  4. pkgconf>=1.3.0_1 : devel/pkgconf
  5. msgfmt : devel/gettext-tools
  6. autoconf>=2.71 : devel/autoconf
  7. automake>=1.16.5 : devel/automake
  8. perl5>=5.34<5.35 : lang/perl5.34
Library dependencies:
  1. : devel/gettext-runtime
  2. : devel/readline
There are no ports dependent upon this port

Configuration Options:
Options name:
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
Collapse this list.

Number of commits found: 14

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
09 Aug 2023 23:43:03
commit hash:e89f84156a8fcb2f81c1f962845f4456b2f62f63commit hash:e89f84156a8fcb2f81c1f962845f4456b2f62f63commit hash:e89f84156a8fcb2f81c1f962845f4456b2f62f63commit hash:e89f84156a8fcb2f81c1f962845f4456b2f62f63 files touched by this commit
Cy Schubert (cy) search for other commits by this committer
security/krb5: Support libedit in base

Even though libedit is in base FreeBSD, the krb5 ports still depend
on devel/libedit when the LIBEDIT option is selected. This is because
./configure uses pkgconf to determine if libedit exists, ignoring
libedit in FreeBSD base. This patch adds a new LIBEDIT_BASE option
which enables LIBEDIT (LIBEDIT_BASE) without installing the
devel/libedit port.

The GNU READLINE option will remain the default for now but it is
planned to switch the default to LIBEDIT_BASE at some point. This is
to reduce the dependency on GNU software and to bring it more into
line with the planned MIT KRB5 import into FreeBSD base.
09 Aug 2023 23:24:40
commit hash:0b58b7b475e3100adfb3b532f2dfb9505e79bf83commit hash:0b58b7b475e3100adfb3b532f2dfb9505e79bf83commit hash:0b58b7b475e3100adfb3b532f2dfb9505e79bf83commit hash:0b58b7b475e3100adfb3b532f2dfb9505e79bf83 files touched by this commit
Cy Schubert (cy) search for other commits by this committer
security/krb5*: Disable NLS when option is deselected

When the NLS option is deselected, ./configure reverts to
enable_nls=check. As some prerequisites do require NLS, NLS is
always enabled even when deslected. This ensures that when NLS
is not wanted, that it is not used, regardless of its install status.
08 Jul 2023 04:30:18
commit hash:af1e212baa35cc97e97b257ef89f1a2036b8764ecommit hash:af1e212baa35cc97e97b257ef89f1a2036b8764ecommit hash:af1e212baa35cc97e97b257ef89f1a2036b8764ecommit hash:af1e212baa35cc97e97b257ef89f1a2036b8764e files touched by this commit
Cy Schubert (cy) search for other commits by this committer
security/krb5-120: Update to 1.20.2

MFH:		2023Q3
06 Jun 2023 18:35:41
commit hash:c9f69ef9aa8ad9abf21ad50ad1ff54925421c395commit hash:c9f69ef9aa8ad9abf21ad50ad1ff54925421c395commit hash:c9f69ef9aa8ad9abf21ad50ad1ff54925421c395commit hash:c9f69ef9aa8ad9abf21ad50ad1ff54925421c395 files touched by this commit
Cy Schubert (cy) search for other commits by this committer
security/krb5-*: Adjust conflicts

With the import of security/krb5-121, adjust conflicts of all krb5 ports.
08 Feb 2023 10:53:56
commit hash:6e1233be229212a0496f42d611bd40f3e3a628dacommit hash:6e1233be229212a0496f42d611bd40f3e3a628dacommit hash:6e1233be229212a0496f42d611bd40f3e3a628dacommit hash:6e1233be229212a0496f42d611bd40f3e3a628da files touched by this commit
Muhammad Moinur Rahman (bofh) search for other commits by this committer
Mk/** Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision:
15 Nov 2022 17:19:00
commit hash:abcf942f2ba44a1f333ce3daa2b8961202351a09commit hash:abcf942f2ba44a1f333ce3daa2b8961202351a09commit hash:abcf942f2ba44a1f333ce3daa2b8961202351a09commit hash:abcf942f2ba44a1f333ce3daa2b8961202351a09 files touched by this commit
Cy Schubert (cy) search for other commits by this committer
security/krb5-120: Update to 1.20.1

MFH:		2022Q4
Security:	CVE-2022-42898
15 Nov 2022 16:37:02
commit hash:de40003bfd697e98cdd342e253699e83e1040961commit hash:de40003bfd697e98cdd342e253699e83e1040961commit hash:de40003bfd697e98cdd342e253699e83e1040961commit hash:de40003bfd697e98cdd342e253699e83e1040961 files touched by this commit
Cy Schubert (cy) search for other commits by this committer
security/krb5-*: Address CVE-2022-42898

Topic: Vulnerabilities in PAC parsing

CVE-2022-42898: integer overflow vulnerabilities in PAC parsing


Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().

(Only the first 15 lines of the commit message are shown above View all of this commit message)
30 Oct 2022 15:43:23
commit hash:5a84f8764063d95a1f6f2965785fd9b7effbb40fcommit hash:5a84f8764063d95a1f6f2965785fd9b7effbb40fcommit hash:5a84f8764063d95a1f6f2965785fd9b7effbb40fcommit hash:5a84f8764063d95a1f6f2965785fd9b7effbb40f files touched by this commit This port version is marked as vulnerable.
Felix Palmen (zirias) search for other commits by this committer
security/krb5-120: Fix build with libressl 3.5

Approved by:		cy (maintainer), tcberner (mentor)
Differential Revision:
09 Sep 2022 15:19:05
commit hash:096a9baeef9f45bd2ae0e963585bdab9f31a3864commit hash:096a9baeef9f45bd2ae0e963585bdab9f31a3864commit hash:096a9baeef9f45bd2ae0e963585bdab9f31a3864commit hash:096a9baeef9f45bd2ae0e963585bdab9f31a3864 files touched by this commit This port version is marked as vulnerable.
Cy Schubert (cy) search for other commits by this committer
security/krb5-*: Bring CONFLICTS up to current status

Clean up CONFLICTS bitrot.

MFH:		2022Q3
08 Sep 2022 15:46:38
commit hash:ade2a047e0eb835f7f42682496614cfd259757eacommit hash:ade2a047e0eb835f7f42682496614cfd259757eacommit hash:ade2a047e0eb835f7f42682496614cfd259757eacommit hash:ade2a047e0eb835f7f42682496614cfd259757ea files touched by this commit This port version is marked as vulnerable.
Stefan Eßer (se) search for other commits by this committer
Remove WWW lines that have been moved into Makefiles

Approved by:	portmgr (implicit)
08 Sep 2022 15:43:21
commit hash:986beaaabc71b9e7e29e7e89e0f36405b687216fcommit hash:986beaaabc71b9e7e29e7e89e0f36405b687216fcommit hash:986beaaabc71b9e7e29e7e89e0f36405b687216fcommit hash:986beaaabc71b9e7e29e7e89e0f36405b687216f files touched by this commit This port version is marked as vulnerable.
Stefan Eßer (se) search for other commits by this committer
Move more WWW entries from pkg-descr files into Makefiles

The WWW: lines in the pkg-descr files of these ports where not at the
end of those files and have been missed in prior conversion runs.

Approved by:	portmgr (implicit)
20 Jul 2022 14:22:56
commit hash:857c05f8674c5f4c990f49f9d0fb7034ebd340fecommit hash:857c05f8674c5f4c990f49f9d0fb7034ebd340fecommit hash:857c05f8674c5f4c990f49f9d0fb7034ebd340fecommit hash:857c05f8674c5f4c990f49f9d0fb7034ebd340fe files touched by this commit This port version is marked as vulnerable.
Tobias C. Berner (tcberner) search for other commits by this committer
security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <>
  *  Aaron Dalton <>
  *  Adam Weinberger <>
  *  Ade Lovett <>
  *  Aldis Berjoza <>
  *  Alex Dupre <>
  *  Alex Kapranoff <>
  *  Alex Samorukov <>
  *  Alexander Botero-Lowry <>
  *  Alexander Kriventsov <>
  *  Alexander Leidinger <>
(Only the first 15 lines of the commit message are shown above View all of this commit message)
16 Jun 2022 19:49:54
commit hash:5fce6afe2a3016cb8893bf52344410eb4e13278bcommit hash:5fce6afe2a3016cb8893bf52344410eb4e13278bcommit hash:5fce6afe2a3016cb8893bf52344410eb4e13278bcommit hash:5fce6afe2a3016cb8893bf52344410eb4e13278b files touched by this commit This port version is marked as vulnerable.
Cy Schubert (cy) search for other commits by this committer
security/krb5-120: MIT KRB5 1.20 does not support LibreSSL

MIT KRB5 does not support LibreSSL and requires a function only
found in OpenSSL. Therefore mark libressl and libressl-devel IGNORE.

pkinit_crypto_openssl.c:334:14: error: implicit declaration of function
'EVP_PKEY_param_check' is invalid in C99
    result = EVP_PKEY_param_check(ctx);

EVP_PKEY_param_check(), an OpenSSL function, is not supported by LibreSSL.
27 May 2022 13:45:07
commit hash:d33c01d9cc1864a2be757fb99caa63223cfe5519commit hash:d33c01d9cc1864a2be757fb99caa63223cfe5519commit hash:d33c01d9cc1864a2be757fb99caa63223cfe5519commit hash:d33c01d9cc1864a2be757fb99caa63223cfe5519 files touched by this commit This port version is marked as vulnerable.
Cy Schubert (cy) search for other commits by this committer
security/krb5-120: Welcome new krb5 1.20

Welcome the new krb5-120 (1.20) from MIT.

krb5-118 is now deprecated and scheduled for removal a year from

Number of commits found: 14