Re: Remove Heimdal Kerberos from my FreeBSD
On Mon, Jul 18, 2005 at 09:44:35PM +0930, Daniel O'Connor wrote: > There is always a trade off but it seems most people don't think Heimdal is > insecure enough to disable by default. (Has it has any bugs that have been > exploitable in an unused configuration recently? I don't believe so). In the last two years, there have been some nasty problems in Heimdal, not as bad as MIT krb5 though. This is from memory, I might be wrong. For the original poster, the default is a trade-off, it has both postive and negative sides. In DragonFly, we still default to OFF, mostly because we can't take advantage of it e.g. for smb anyway, since we don't have NSS. Beside the given example of Active Directory, NFS 4 uses GSSAPI and Kerberos 5 too. Those are two things a lot of people want to support of the box. Joerg ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
On Mon, 18 Jul 2005, Vladimir Terziev wrote: The problem is that third party software is a part of basic software, which functionality includes authentication and authorization for host access. A bug in this third party software could become a reason for a host compromise even the functionality of the third party software in not used (e.g. bug in the kerberos libs could involve sshd/telnetd compromise). When you really need a kerberos authentication then re-build the respective software in order to have it. But in that case, you'll be aware that your access-granting software depends on something other and you'll be aware to keep this something other up-to-date and bugless. Expectations have changed over the last few years -- support for integrating into directory services, such as Active Directory and/or Kerberos, is now considered a basic expectation for operating systems, and as such is a "built by default" feature. Any time you increase the quantity of code, especially security/network-sensitive code, you increase the opportunity for problems, but where one sits on the spectrum of "enabled by default" functionality has to be a response to user requirements. The direction we've been going in to minimize exposure has been to disable features at run-time, rather than compile-time. I.e., we no longer enable telnetd, ftpd, etc, by default -- they must be explicitly enabled. Robert N M Watson Vladimir On Mon, 18 Jul 2005 20:55:57 +0930 "Daniel O'Connor" <[EMAIL PROTECTED]> wrote: On Monday 18 July 2005 18:03, Vladimir Terziev wrote: your right about useless things, but making basic software to depend on these useless things is a very bad idea. I'm sure, telnet & ssh are the most used applications on any UNIX system, so they must not depend on any third party software by default. If you need kerberized ssh or telnet, then ok -- relink them to use kerberos, but why possible bugs in kerberos should affect ssh & telnet when kerberos is not mandantory for their functioning ? I think this is slightly disingenuous - what is the actual penalty for linking to Kerberos? It is easy to not use Kerberos if you don't want to, but it's a major pain in the ass to recompile ssh/telnet/etc when you do. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
On Monday 18 July 2005 21:14, Vladimir Terziev wrote: >The problem is that third party software is a part of basic software, > which functionality includes authentication and authorization for host > access. A bug in this third party software could become a reason for a host > compromise even the functionality of the third party software in not used > (e.g. bug in the kerberos libs could involve sshd/telnetd compromise). I think you can extend this argument to just about any piece of software on the system.. >When you really need a kerberos authentication then re-build the > respective software in order to have it. But in that case, you'll be aware > that your access-granting software depends on something other and you'll be > aware to keep this something other up-to-date and bugless. That is a pretty major inconvenience. It's like saying "Oh well if you want to use NSS you should rebuild things" - you can do it but it's very inconvenient. There is always a trade off but it seems most people don't think Heimdal is insecure enough to disable by default. (Has it has any bugs that have been exploitable in an unused configuration recently? I don't believe so). Personally I'd be more worried about the PAM code. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp5TEeoxa9MN.pgp Description: PGP signature
Re: Remove Heimdal Kerberos from my FreeBSD
The problem is that third party software is a part of basic software, which functionality includes authentication and authorization for host access. A bug in this third party software could become a reason for a host compromise even the functionality of the third party software in not used (e.g. bug in the kerberos libs could involve sshd/telnetd compromise). When you really need a kerberos authentication then re-build the respective software in order to have it. But in that case, you'll be aware that your access-granting software depends on something other and you'll be aware to keep this something other up-to-date and bugless. Vladimir On Mon, 18 Jul 2005 20:55:57 +0930 "Daniel O'Connor" <[EMAIL PROTECTED]> wrote: > On Monday 18 July 2005 18:03, Vladimir Terziev wrote: > >your right about useless things, but making basic software to depend on > > these useless things is a very bad idea. I'm sure, telnet & ssh are the > > most used applications on any UNIX system, so they must not depend on any > > third party software by default. If you need kerberized ssh or telnet, then > > ok -- relink them to use kerberos, but why possible bugs in kerberos should > > affect ssh & telnet when kerberos is not mandantory for their functioning ? > > I think this is slightly disingenuous - what is the actual penalty for > linking > to Kerberos? > > It is easy to not use Kerberos if you don't want to, but it's a major pain in > the ass to recompile ssh/telnet/etc when you do. > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
On Monday 18 July 2005 18:03, Vladimir Terziev wrote: >your right about useless things, but making basic software to depend on > these useless things is a very bad idea. I'm sure, telnet & ssh are the > most used applications on any UNIX system, so they must not depend on any > third party software by default. If you need kerberized ssh or telnet, then > ok -- relink them to use kerberos, but why possible bugs in kerberos should > affect ssh & telnet when kerberos is not mandantory for their functioning ? I think this is slightly disingenuous - what is the actual penalty for linking to Kerberos? It is easy to not use Kerberos if you don't want to, but it's a major pain in the ass to recompile ssh/telnet/etc when you do. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpZkMrFyfp0m.pgp Description: PGP signature
Re: Remove Heimdal Kerberos from my FreeBSD
Vladimir Terziev <[EMAIL PROTECTED]> writes: Hi. > i'm sure most of the FreeBSD users do not need kerberos for > authnetication. Could you give me your fortune teller crystal ball brand ? > If someone needs telnet+kerberos, then ok, such meta port could be > created and this person will just need to install it, but importing > something in the base system which is NOT commonly used is not a good > idea, as i've already said. More and more shops have Active Directory domains and windows boxes, Kerberos support is something important in these shops. So tune your system for your own use and refrain telling others how they should work. Éric Masson -- AB : (...) et encore on semble échapper aux betas :-, LF : bah peut-être qu'ils en font plus ;-) GG : Ils auraient embauché des types de Microsoft ? -+- GG in Guide du Macounet Pervers : Bah oui, gros béta ! -+- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
Hi, i'm sure most of the FreeBSD users do not need kerberos for authnetication. Things should be kept simple, not generic -- this is one of the principles of UNIX. If someone needs telnet+kerberos, then ok, such meta port could be created and this person will just need to install it, but importing something in the base system which is NOT commonly used is not a good idea, as i've already said. Vladimir On Mon, 18 Jul 2005 13:11:23 +0400 Roman Kurakin <[EMAIL PROTECTED]> wrote: > Vladimir Terziev wrote: > > > Hi, > > > > your right about useless things, but making basic software to depend on > > these useless things is a very bad idea. > > I'm sure, telnet & ssh are the most used applications on any UNIX system, > > so they must not depend on any third party software by default. If you need > > kerberized ssh or telnet, then ok -- relink them to use kerberos, but why > > possible bugs in kerberos should affect ssh & telnet when kerberos is not > > mandantory for their functioning? > > > > > It depends on what we chose as a basic functionality. One wouldn't use > it, for other > person it is necessary. Again, for generic system it is normal to have > extra functionality. > If we remove it, many persons would suffer from that. If you do not need > it, just do > not use it. And all one would be happy. > It is not a problem to depend on kerberos till it isn't removed. > > The worse thing is indirect depend. Why I have to setup lib by dependence, > that is needed by the unused functions from the lib I use? The same would be > to ask to remove those functions from that lib since they add extra > dependance. > > If smth is commonly used, even not by majority but by quite nomerous > community it should be in generic system. No one is restricted to customize > system for any particular case. If you have such ability there is no any > problem. > > rik > > > Vladimir > > > > > >On Mon, 18 Jul 2005 11:27:53 +0400 > >Roman Kurakin <[EMAIL PROTECTED]> wrote: > > > > > > > >>Hi, > >> > >>Vladimir Terziev wrote: > >> > >> > >> > >>> Yes, i deleted it along with all libs related to it. This caused > >>> telnet/ssh/etc to stop working. So i rebuilt the world with > >>> NO_KERBEROS=yes and now all is like a charm -- no Heimdal Kerberos and no > >>> software depending on it. > >>> I think making the Heimdal Kerberos part of the base FreeBSD OS is bad > >>> idea, but linking base software (like telnet, ssh), which is part of the > >>> base FreeBSD OS, against it, is very very bad idea. > >>> > >>> > >>> > >>> > >>Why? Yes, all current OSs have a lot of useless things from some one > >>point of view. > >>For example, at work I do not need X while driver development, but at > >>home I need it. > >>At home I may not need almost all development tools. > >>This is normal. If I want to setup a system fast and without additional > >>efforts I'll setup > >>a typical options. And I'll start use it as fast as it would be up. Most > >>peoples do the > >>same. > >> > >>It is better to have all thing in generic system that suits the majority. > >>If you want to setup a custom system, you need to do it manually. > >> > >>rik > >> > >> > >> > >>> Vladimir > >>> > >>> > >>>On Sun, 17 Jul 2005 22:02:04 +0930 > >>>"Daniel O'Connor" <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > On Sunday 17 July 2005 02:26, Dominic Marks wrote: > > > > > >In /etc/make.conf put > > > >NO_KERBEROS=yes > > > >Then build a new world. That should do the trick. > > > > > > > > > This won't remove it, it will just not update it. > You would have to delete it by hand. > > Telnet/ssh/etc don't have to depend on Kerberos and if you use the above > option they will be built without Kerb support. > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > > > > > > >>>___ > >>>freebsd-hackers@freebsd.org mailing list > >>>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > >>>To unsubscribe, send any mail to "[EMAIL PROTECTED]" > >>> > >>> > >>> > >>> > >___ > >freebsd-hackers@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > >To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > > > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
Vladimir Terziev wrote: Hi, your right about useless things, but making basic software to depend on these useless things is a very bad idea. I'm sure, telnet & ssh are the most used applications on any UNIX system, so they must not depend on any third party software by default. If you need kerberized ssh or telnet, then ok -- relink them to use kerberos, but why possible bugs in kerberos should affect ssh & telnet when kerberos is not mandantory for their functioning? It depends on what we chose as a basic functionality. One wouldn't use it, for other person it is necessary. Again, for generic system it is normal to have extra functionality. If we remove it, many persons would suffer from that. If you do not need it, just do not use it. And all one would be happy. It is not a problem to depend on kerberos till it isn't removed. The worse thing is indirect depend. Why I have to setup lib by dependence, that is needed by the unused functions from the lib I use? The same would be to ask to remove those functions from that lib since they add extra dependance. If smth is commonly used, even not by majority but by quite nomerous community it should be in generic system. No one is restricted to customize system for any particular case. If you have such ability there is no any problem. rik Vladimir On Mon, 18 Jul 2005 11:27:53 +0400 Roman Kurakin <[EMAIL PROTECTED]> wrote: Hi, Vladimir Terziev wrote: Yes, i deleted it along with all libs related to it. This caused telnet/ssh/etc to stop working. So i rebuilt the world with NO_KERBEROS=yes and now all is like a charm -- no Heimdal Kerberos and no software depending on it. I think making the Heimdal Kerberos part of the base FreeBSD OS is bad idea, but linking base software (like telnet, ssh), which is part of the base FreeBSD OS, against it, is very very bad idea. Why? Yes, all current OSs have a lot of useless things from some one point of view. For example, at work I do not need X while driver development, but at home I need it. At home I may not need almost all development tools. This is normal. If I want to setup a system fast and without additional efforts I'll setup a typical options. And I'll start use it as fast as it would be up. Most peoples do the same. It is better to have all thing in generic system that suits the majority. If you want to setup a custom system, you need to do it manually. rik Vladimir On Sun, 17 Jul 2005 22:02:04 +0930 "Daniel O'Connor" <[EMAIL PROTECTED]> wrote: On Sunday 17 July 2005 02:26, Dominic Marks wrote: In /etc/make.conf put NO_KERBEROS=yes Then build a new world. That should do the trick. This won't remove it, it will just not update it. You would have to delete it by hand. Telnet/ssh/etc don't have to depend on Kerberos and if you use the above option they will be built without Kerb support. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
Hi, your right about useless things, but making basic software to depend on these useless things is a very bad idea. I'm sure, telnet & ssh are the most used applications on any UNIX system, so they must not depend on any third party software by default. If you need kerberized ssh or telnet, then ok -- relink them to use kerberos, but why possible bugs in kerberos should affect ssh & telnet when kerberos is not mandantory for their functioning ? Vladimir On Mon, 18 Jul 2005 11:27:53 +0400 Roman Kurakin <[EMAIL PROTECTED]> wrote: > Hi, > > Vladimir Terziev wrote: > > >Yes, i deleted it along with all libs related to it. This caused > > telnet/ssh/etc to stop working. So i rebuilt the world with NO_KERBEROS=yes > > and now all is like a charm -- no Heimdal Kerberos and no software > > depending on it. > >I think making the Heimdal Kerberos part of the base FreeBSD OS is bad > > idea, but linking base software (like telnet, ssh), which is part of the > > base FreeBSD OS, against it, is very very bad idea. > > > > > Why? Yes, all current OSs have a lot of useless things from some one > point of view. > For example, at work I do not need X while driver development, but at > home I need it. > At home I may not need almost all development tools. > This is normal. If I want to setup a system fast and without additional > efforts I'll setup > a typical options. And I'll start use it as fast as it would be up. Most > peoples do the > same. > > It is better to have all thing in generic system that suits the majority. > If you want to setup a custom system, you need to do it manually. > > rik > > > Vladimir > > > > > >On Sun, 17 Jul 2005 22:02:04 +0930 > >"Daniel O'Connor" <[EMAIL PROTECTED]> wrote: > > > > > > > >>On Sunday 17 July 2005 02:26, Dominic Marks wrote: > >> > >> > >>>In /etc/make.conf put > >>> > >>>NO_KERBEROS=yes > >>> > >>>Then build a new world. That should do the trick. > >>> > >>> > >>This won't remove it, it will just not update it. > >>You would have to delete it by hand. > >> > >>Telnet/ssh/etc don't have to depend on Kerberos and if you use the above > >>option they will be built without Kerb support. > >> > >>-- > >>Daniel O'Connor software and network engineer > >>for Genesis Software - http://www.gsoft.com.au > >>"The nice thing about standards is that there > >>are so many of them to choose from." > >> -- Andrew Tanenbaum > >>GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > >> > >> > >> > >___ > >freebsd-hackers@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > >To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > > > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
Hi, Vladimir Terziev wrote: Yes, i deleted it along with all libs related to it. This caused telnet/ssh/etc to stop working. So i rebuilt the world with NO_KERBEROS=yes and now all is like a charm -- no Heimdal Kerberos and no software depending on it. I think making the Heimdal Kerberos part of the base FreeBSD OS is bad idea, but linking base software (like telnet, ssh), which is part of the base FreeBSD OS, against it, is very very bad idea. Why? Yes, all current OSs have a lot of useless things from some one point of view. For example, at work I do not need X while driver development, but at home I need it. At home I may not need almost all development tools. This is normal. If I want to setup a system fast and without additional efforts I'll setup a typical options. And I'll start use it as fast as it would be up. Most peoples do the same. It is better to have all thing in generic system that suits the majority. If you want to setup a custom system, you need to do it manually. rik Vladimir On Sun, 17 Jul 2005 22:02:04 +0930 "Daniel O'Connor" <[EMAIL PROTECTED]> wrote: On Sunday 17 July 2005 02:26, Dominic Marks wrote: In /etc/make.conf put NO_KERBEROS=yes Then build a new world. That should do the trick. This won't remove it, it will just not update it. You would have to delete it by hand. Telnet/ssh/etc don't have to depend on Kerberos and if you use the above option they will be built without Kerb support. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
On Sunday 17 July 2005 22:16, Vladimir Terziev wrote: > Yes, i deleted it along with all libs related to it. This caused > telnet/ssh/etc to stop working. So i rebuilt the world with NO_KERBEROS=yes > and now all is like a charm -- no Heimdal Kerberos and no software > depending on it. I think making the Heimdal Kerberos part of the base > FreeBSD OS is bad idea, but linking base software (like telnet, ssh), which > is part of the base FreeBSD OS, against it, is very very bad idea. Well you're entitled to your opinion but you might like to back it up with reasons.. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp5xaUfb741i.pgp Description: PGP signature
Re: Remove Heimdal Kerberos from my FreeBSD
Yes, i deleted it along with all libs related to it. This caused telnet/ssh/etc to stop working. So i rebuilt the world with NO_KERBEROS=yes and now all is like a charm -- no Heimdal Kerberos and no software depending on it. I think making the Heimdal Kerberos part of the base FreeBSD OS is bad idea, but linking base software (like telnet, ssh), which is part of the base FreeBSD OS, against it, is very very bad idea. Vladimir On Sun, 17 Jul 2005 22:02:04 +0930 "Daniel O'Connor" <[EMAIL PROTECTED]> wrote: > On Sunday 17 July 2005 02:26, Dominic Marks wrote: > > In /etc/make.conf put > > > > NO_KERBEROS=yes > > > > Then build a new world. That should do the trick. > > This won't remove it, it will just not update it. > You would have to delete it by hand. > > Telnet/ssh/etc don't have to depend on Kerberos and if you use the above > option they will be built without Kerb support. > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
On Sunday 17 July 2005 02:26, Dominic Marks wrote: > In /etc/make.conf put > > NO_KERBEROS=yes > > Then build a new world. That should do the trick. This won't remove it, it will just not update it. You would have to delete it by hand. Telnet/ssh/etc don't have to depend on Kerberos and if you use the above option they will be built without Kerb support. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpiQh0hFtWi5.pgp Description: PGP signature
Re: Remove Heimdal Kerberos from my FreeBSD
On Saturday 16 July 2005 17:43, Vladimir Terziev wrote: > Hi, > > i've just installed a fresh FreeBSD 5.4 on my PC i saw i have > Heimdal Kerberos installed on it. I don't want Heimdal Kerberos on my > syetem! Could someone point me to a easy way to remove it and rebuild > all software (telnet, ssh, etc) which depends on it? In /etc/make.conf put NO_KERBEROS=yes Then build a new world. That should do the trick. I think freebsd-questions@freebsd.org would have been a more appropriate place to ask this question. > Thanks in advance! > > Vladimir > ___ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" -- Dominic Marks ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Remove Heimdal Kerberos from my FreeBSD
Thanks, for the suggestion. I hope it will help me. Why exactly Heimdal Kerberos had been incorporated into the base system? Why not MIT Kerberos ? Vladimir On Sat, 16 Jul 2005 17:56:57 +0100 Dominic Marks <[EMAIL PROTECTED]> wrote: > On Saturday 16 July 2005 17:43, Vladimir Terziev wrote: > > Hi, > > > > i've just installed a fresh FreeBSD 5.4 on my PC i saw i have > > Heimdal Kerberos installed on it. I don't want Heimdal Kerberos on my > > syetem! Could someone point me to a easy way to remove it and rebuild > > all software (telnet, ssh, etc) which depends on it? > > In /etc/make.conf put > > NO_KERBEROS=yes > > Then build a new world. That should do the trick. > > I think freebsd-questions@freebsd.org would have been a more > appropriate place to ask this question. > > > Thanks in advance! > > > > Vladimir > > ___ > > freebsd-hackers@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to > > "[EMAIL PROTECTED]" > > -- > Dominic Marks ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Remove Heimdal Kerberos from my FreeBSD
Hi, i've just installed a fresh FreeBSD 5.4 on my PC i saw i have Heimdal Kerberos installed on it. I don't want Heimdal Kerberos on my syetem! Could someone point me to a easy way to remove it and rebuild all software (telnet, ssh, etc) which depends on it? Thanks in advance! Vladimir ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"