Building OpenSSH with Heimdal/Kerberos on OpenBSD

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 




I'm new to openbsd to please excuse if some of the following questions are stupid (I did google).

Am I supposed to build OpenSSH from the non-portable version with Kerberos on a rather fresh install of OpenBSD 6.4?

I did download OpenSSH-7.9, followed instructions in README and it builds ok.

I have installed heimdal via pkg_ad and have the commands and the libs are in /usr/local/heimdal/libs. kinit works.


SSH: -------

When I go to the ssh folder and edit the makefile to set kerberos=yes I get errors. I had to change the kerberos include path add an LDFLAG to point it to the heimdal lib folder.

Then it was missing choking on -lcom_err and I had to point it to /usr/local/lib as well. (Meanwhile I had compiled heimdal from the ports package, so I don't know if libcom_err.so was there in the first place or came with the heimdal compile).

Then it turned out that gss-genr.c needed to be added to SRCS in the Makefile.

I guess the lib paths may be my lack of understanding OpenBSD, but teh missing source looks like a bug in the Makefile to me.



SSHD: -------

Similar things happened with sshd. Once I added the lib-paths and include-paths, I got error messages. Essentially some include files were missing in various files to make them compile, e.g. in gss-serv.c




QUESTIONS: -------

I guess the missing paths are my fault one way or another, but I wonder if I should compile it based on heimdal or (seening the different include path originally pointing to "/usr/include/KerberosV") if I should use a different kerberos package (self compiled MIT or something).

Also, judging from the compile errors in sshd, once -DGSSAPI is enabled, I guess these are real errors.

So another question is, if it is so unusual to use OpenBSD with ssh and Kerberos, that nobody tried it in a long time. Should I build the portable version instead or what else should I do (make a patch, if so, including the new lib paths?)


Thanks


Markus Schmidt

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux