- krb5-116 MIT implementation of RFC 4120 network authentication service
1.16.1_2 security =0
- Maintainer: cy@FreeBSD.org
Port Added: 06 Dec 2017 04:18:23
Kerberos V5 is an authentication system developed at MIT.
Abridged from the User Guide:
Under Kerberos, a client sends a request for a ticket to the
Key Distribution Center (KDC). The KDC creates a ticket-granting
ticket (TGT) for the client, encrypts it using the client's
password as the key, and sends the encrypted TGT back to the
client. The client then attempts to decrypt the TGT, using
its password. If the client successfully decrypts the TGT, it
keeps the decrypted TGT, which indicates proof of the client's
identity. The TGT permits the client to obtain additional tickets,
which give permission for specific services.
Since Kerberos negotiates authenticated, and optionally encrypted,
communications between two points anywhere on the internet, it
provides a layer of security that is not dependent on which side of a
firewall either client is on.
The Kerberos V5 package is designed to be easy to use. Most of the
commands are nearly identical to UNIX network programs you are already
used to. Kerberos V5 is a single-sign-on system, which means that you
have to type your password only once per session, and Kerberos does
the authenticating and encrypting transparently.
Jacques Vidrine <firstname.lastname@example.org>SVNWeb : Homepage : PortsMon
Pseudo-pkg-plist information, but much better, from
To install the port:
cd /usr/ports/security/krb5-116/ && make install clean
To add the package:
pkg install krb5-116
TIMESTAMP = 1525411805
SHA256 (krb5-1.16.1.tar.gz) = 214ffe394e3ad0c730564074ec44f1da119159d94281bbec541dc29168d21117
SIZE (krb5-1.16.1.tar.gz) = 9477480
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.Build dependencies:
- gmake : devel/gmake
- libtool : devel/libtool
- msgfmt : devel/gettext-tools
- perl5>=5.26<5.27 : lang/perl5.26
- pkgconf>=1.3.0_1 : devel/pkgconf
There are no ports dependent upon this port
- libintl.so : devel/gettext-runtime
- libreadline.so.7 : devel/readline
===> The following configuration options are available for krb5-116-1.16.1_2:
DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names
EXAMPLES=on: Build and/or install examples
KRB5_HTML=on: Install krb5 HTML documentation
KRB5_PDF=on: Install krb5 PDF documentation
LDAP=off: LDAP protocol support
NLS=on: Native Language Support
====> Command line editing for kadmin and ktutil: you can only select none or one of them
READLINE=on: Command line editing via libreadline
READLINE_PORT=off: Command line editing via devel/readline
LIBEDIT=off: Command line editing via libedit
===> Use 'make config' to modify these settings
cpe gmake localbase perl5 libtool:build gssapi:bootstrap,mit pkgconfig:run ssl gettext-runtime gettext readline
Number of commits found: 9
|Commit History - (may be incomplete: see SVNWeb link above for full details)
|13 Jun 2018 05:55:52
MIT krb5 fails to build with boringssl installed due to a missing
typedef for PKCS7 in the boringssl pkcs7.h.
|13 Jun 2018 05:44:58
Fix build with libressl and bearssl.
|12 Jun 2018 03:42:18
Fix logic from patch supplied in PR 217027, committed in
r433966 and r433967.
|04 May 2018 06:18:44
Update 1.16 --> 1.16.1
Major changes in 1.16.1 (2018-05-03)
This is a bug fix release.
* Fix flaws in LDAP DN checking, including a null dereference KDC
crash which could be triggered by kadmin clients with administrative
privileges [CVE-2018-5729, CVE-2018-5730].
* Fix a KDC PKINIT memory leak.
* Fix a small KDC memory leak on transited or authdata errors when
processing TGS requests.(Only the first 15 lines of the commit message are shown above )
|29 Mar 2018 14:53:24
Mark some ports broken with openssl-devel.
Sponsored by: Absolight
|02 Feb 2018 06:50:25
Fix build when NLS option is unchecked.
Reported by: Geraud CONTINSOUZAS <email@example.com>
|11 Jan 2018 16:24:53
Remove superfluous linefeeds.
|10 Jan 2018 15:08:51
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files which are not actually manual pages.
|06 Dec 2017 04:18:14
Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.
Major changes in 1.16 (2017-12-05)
* The KDC can match PKINIT client certificates against the
"pkinit_cert_match" string attribute on the client principal entry,
using the same syntax as the existing "pkinit_cert_match" profile
* The ktutil addent command supports the "-k 0" option to ignore the
key version, and the "-s" option to use a non-default salt string.(Only the first 15 lines of the commit message are shown above )
Number of commits found: 9