Hello. I fiddle around with Heimdal/Kerberos on FreeBSD 4.7-RELEASE-p3 and I am responsible for some PicoBSD driven gateways, filters and firewalls.
Creating a boot CD with PicoBSD works well as long as Kerberos IV/Heimdal (Kerberos V) is not installed. Because I asked previously many times without response, I would ask someone for doing a favor. I create the PicoBSD image on a system which should be member of a Heimdal Kerberos V realm. Now I need to know how to activate Kerberos 5: First I changed the approprate line in /etc/make.conf to get KERBEROS 5 compiled. But this seems to be insufficient, because some libraries and tools are not present then. But with only KERBEROS 5 enabled, PicoBSD compiles well. So I enabled also KERBEROS 4 to get the full Heimdal/Kerberos 5 functionality, but after the reinstallation PicoBSD won't compile anymore. When gathering the binaries of tools and libraries, PicoBSD fails building something around the passwd.lo or similar and reports missing references to functions beginning with krb_xxx (kerberos routines). I have two questions/ favors to ask for: If I want to have full Kerberos 5 functionality on FreeBSD 4.7/4.8, is it right to have both KERBEROS_5 __and__ KERBEROS_4 enabled in /etc/make.conf? Maybe all the problems are results of a mistake I did, but documentation on Kerberos is really bad in FreeBSD, especially what's special in FreeBSD in spite of the MIT distribution. If you verify that it is right having both KERBEROS_5 __and__ KERBEROS_4 enabled in /etc/make.conf, please try to compile a PicoBSD on such a Heimdal-prepared machine. I did the following, which worked before: Go to /usr/src/release/picobsd and make a copy of the here located example "bridge" and name it, say, bastion. The do a 'cd' into 'bastion' and comment out all lines for the 'ssh1-shell' at the end of 'crunch.conf' (we do not want to compile ssh1). Then do a 'cd ..' and call './build/picobsd -v -n bastion', this calls the builder and picobsd should now try to build a PicoBSD. I did so on a fresh installed machine (did a make world after patching to 4.7-RELEASE-p3 without any KERBEROS/Heimdal facilities enabled ...) and it worked for me. You should now ensure that KERBEROS is not installed on your system, that means, KERBEROS never has been enabled so several libraries are not kerberized (best way is a fresh installation without Kerberos). If it installs a PicoBSD well, then try to enable first KERBEROS_5 in /etc/make.conf and do a build world. I did so the first time and all things ran well also with PicoBSD. But after additionaly enabling KERBEROS_4 PicoBSD won't compile anymore. Maybe this is a bug or I am too stupid using FreeBSD. but I need to know what fact is causing the misbehaviour of PicoBSD due to the fact I need PicoBSD (but I also need Kerberos because we want to build our PicoBSD images on a system which is memeber of a KRB5 realm). I will appreciate any comments. Thanks a lot in advance, Oliver -- MfG O. Hartmann [EMAIL PROTECTED] ------------------------------------------------------------------ IT-Administration des Institutes fuer Physik der Atmosphaere (IPA) ------------------------------------------------------------------ Johannes Gutenberg Universitaet Mainz Becherweg 21 55099 Mainz Tel: +496131/3924662 (Maschinenraum) Tel: +496131/3924144 (Buero) FAX: +496131/3923532 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message