diff options
| author | jlam <jlam@pkgsrc.org> | 2008-02-28 14:11:55 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2008-02-28 14:11:55 +0000 |
| commit | 8f80571759d315e294d078cdb2d9aaf32ef9ffb7 (patch) | |
| tree | 208a4e0f75ad5d5ef4c8fae6dc99bff8826c69fe /security/heimdal | |
| parent | 0b69080405492f7e01212aa54cc292c60717a7fa (diff) | |
| download | pkgsrc-8f80571759d315e294d078cdb2d9aaf32ef9ffb7.tar.gz | |
Update security/heimdal to version 1.1. Changes from version 0.7.2 include:
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
Diffstat (limited to 'security/heimdal')
| -rw-r--r-- | security/heimdal/options.mk | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/security/heimdal/options.mk b/security/heimdal/options.mk new file mode 100644 index 00000000000..b1c27bbcc44 --- /dev/null +++ b/security/heimdal/options.mk @@ -0,0 +1,68 @@ +# $NetBSD: options.mk,v 1.1 2008/02/28 14:11:55 jlam Exp $ + +PKG_OPTIONS_VAR= PKG_OPTIONS.heimdal +PKG_SUPPORTED_OPTIONS= inet6 kerberos-prefix-cmds ldap +PKG_SUGGESTED_OPTIONS= inet6 + +.include "../../mk/bsd.options.mk" + +### +### IPv6 support. +### +.if !empty(PKG_OPTIONS:Minet6) +CONFIGURE_ARGS+= --with-ipv6 +.else +CONFIGURE_ARGS+= --without-ipv6 +.endif + +### +### Support using LDAP as a KDC backend. +### +.if !empty(PKG_OPTIONS:Mldap) +. include "../../databases/openldap-client/buildlink3.mk" +CONFIGURE_ARGS+= --with-openldap=${BUILDLINK_PREFIX.openldap-client} +PLIST_SUBST+= LDAP="" + +post-install: heimdal-ldap-schema +heimdal-ldap-schema: + ${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/examples/heimdal + ${INSTALL_DATA} ${WRKSRC}/lib/hdb/hdb.schema \ + ${DESTDIR}${PREFIX}/share/examples/heimdal +.else +PLIST_SUBST+= LDAP="@comment " +.endif + +### +### Rename some of Heimdal's applications so they won't conflict with +### other packages. +### +.if !empty(PKG_OPTIONS:Mkerberos-prefix-cmds) +KRB5_PREFIX= k +HEIMDAL_TRANSFORM= s/^ftp/${KRB5_PREFIX}&/; \ + s/^login/${KRB5_PREFIX}&/; \ + s/^${KRB5_PREFIX}login.access/login.access/; \ + s/^rcp/${KRB5_PREFIX}&/; \ + s/^rsh/${KRB5_PREFIX}&/; \ + s/^su/${KRB5_PREFIX}&/; \ + s/^telnet/${KRB5_PREFIX}&/ +.else +KRB5_PREFIX= # empty +HEIMDAL_TRANSFORM= s/^ftp/k&/ +.endif + +PLIST_SUBST+= KRB5_PREFIX=${KRB5_PREFIX:Q} +CONFIGURE_ARGS+= --program-transform-name=${HEIMDAL_TRANSFORM:Q} +# +# Fix some places in the Heimdal sources that don't point to the correct +# Kerberized binaries when exec'ing programs. +# +SUBST_CLASSES+= heimdal +SUBST_STAGE.heimdal= pre-configure +SUBST_FILES.heimdal= appl/rcp/rcp.c appl/rcp/rcp_locl.h \ + appl/rsh/rsh_locl.h \ + appl/telnet/telnetd/telnetd.h +SUBST_SED.heimdal= \ + -e "/RSH_PROGRAM/s,rsh,${KRB5_PREFIX}rsh,g" \ + -e "/PATH_RSH/s,\"/usr/bin/rsh\",BINDIR \"${KRB5_PREFIX}rsh\",g" \ + -e "/PATH_RSH/s,/rsh,/${KRB5_PREFIX}rsh,g" \ + -e "/PATH_LOGIN/s,/login,/${KRB5_PREFIX}login,g" |