Switching to heimdal security

Due to issues with the current security implementation in FreeBSD, that is GSSAPI_BASE and GSSAPI_MIT, I switched everything to GSSAPI_HEIMDAL and installed security/heimdal.

This means I need to rebuild several ports. What is the best way to do so? I've already rebuilt lang/perl5.24 and security/p5-GSSAPI.

Thanks for the help.
 
You probably not only need to rebuild, you'll also need to reconfigure them. As to the best method, that heavily depends on opinion I guess. My preference would be to collect all port origins (for example: dns/bind910) and add these to a list (text file). Then all you need to do is feed that list to ports-mgmt/portmaster and it will handle the rest.

Better yet: if you have that list already be sure to use the --force-config Portmaster parameter, this enforces the config to be re-issued which allows you to change the appropriate settings.

Another approach I just thought of... OPTIONS_SET which can be set in /etc/make.conf. This should be able to work:

Code:
OPTIONS_SET=GSSAPI_HEIMDAL
You'll probably still need to reconfigure the ports, but at least the option will have been set for you, which allows you to simply hit enter to confirm the updated settings.

Hope this can help.
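
The list-building step described in the reply above, as an added example that is not part of the original thread: it filters the output of `pkg query '%o %Ok %Ov'` down to the origins still built with GSSAPI_BASE or GSSAPI_MIT. The function names, the list file path and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the list of port origins that are
# still compiled against the base or MIT GSSAPI and so need a rebuild.

# Reads "origin option value" lines on stdin, the format printed by:
#   pkg query '%o %Ok %Ov'
# and prints each origin once if GSSAPI_BASE or GSSAPI_MIT is switched on.
gssapi_rebuild_list() {
    awk '($2 == "GSSAPI_BASE" || $2 == "GSSAPI_MIT") && $3 == "on" { print $1 }' |
        LC_ALL=C sort -u
}

# Constructed sample of pkg query output, so the filter can be tried
# on a machine without pkg(8). The option states shown are invented.
sample_pkg_query() {
    cat <<'EOF'
dns/bind910 GSSAPI_BASE on
dns/bind910 GSSAPI_HEIMDAL off
dns/bind910 GSSAPI_MIT off
ftp/curl GSSAPI_BASE off
ftp/curl GSSAPI_MIT on
security/p5-GSSAPI GSSAPI_BASE off
security/p5-GSSAPI GSSAPI_HEIMDAL on
lang/perl5.24 THREADS on
EOF
}

# On the FreeBSD host itself (hypothetical list path):
#   pkg query '%o %Ok %Ov' | gssapi_rebuild_list > /tmp/gssapi-ports.txt
#   portmaster --force-config $(cat /tmp/gssapi-ports.txt)
# Re-running the first command after the rebuild should give an empty list.
```

An empty list after the rebuild means no installed package still records GSSAPI_BASE or GSSAPI_MIT as enabled.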
 
I've been reading a lot lately about security issues in FreeBSD, what is the real issue at the moment? Is it a matter of wanting backwards compatibility? Is it really that difficult to break some conventions if it increases security for end users?
 
I've been reading a lot lately about security issues in FreeBSD
Don't get led astray by chicken little articles and posters. These issues are matter-of-fact, "course of the day" issues that every system has at one point in their existence and will be solved if they haven't already.

jonfr I thought we were to use the MIT setting because there are some things it sets that heimdal ignores. There are rare instances this could cause problems and the MIT setting covers those.

I don't have my notes so I can't recall anything about it.
 