Mailing List Archive

Building OpenSSH with Heimdal/Kerberos on OpenBSD
I'm new to openbsd to please excuse if some of the following questions
are stupid (I did google).

Am I supposed to build OpenSSH from the non-portable version with
Kerberos on a rather fresh install of OpenBSD 6.4?

I did download OpenSSH-7.9, followed instructions in README and it
builds ok.

I have installed heimdal via pkg_ad and have the commands and the libs
are in /usr/local/heimdal/libs. kinit works.


SSH: -------

When I go to the ssh folder and edit the makefile to set kerberos=yes I
get errors. I had to change the kerberos include path add an LDFLAG to
point it to the heimdal lib folder.

Then it was missing choking on -lcom_err and I had to point it to
/usr/local/lib as well. (Meanwhile I had compiled heimdal from the
ports package, so I don't know if libcom_err.so was there in the first
place or came with the heimdal compile).

Then it turned out that gss-genr.c needed to be added to SRCS in the
Makefile.

I guess the lib paths may be my lack of understanding OpenBSD, but teh
missing source looks like a bug in the Makefile to me.



SSHD: -------

Similar things happened with sshd. Once I added the lib-paths and
include-paths, I got error messages. Essentially some include files were
missing in various files to make them compile, e.g. in gss-serv.c




QUESTIONS: -------

I guess the missing paths are my fault one way or another, but I wonder
if I should compile it based on heimdal or (seening the different
include path originally pointing to "/usr/include/KerberosV") if I
should use a different kerberos package (self compiled MIT or something).

Also, judging from the compile errors in sshd, once -DGSSAPI is enabled,
I guess these are real errors.

So another question is, if it is so unusual to use OpenBSD with ssh and
Kerberos, that nobody tried it in a long time. Should I build the
portable version instead or what else should I do (make a patch, if so,
including the new lib paths?)


Thanks


Markus Schmidt

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Building OpenSSH with Heimdal/Kerberos on OpenBSD [ In reply to ]
On 03.15.19 16:58 , Markus Schmidt wrote:
> Also, judging from the compile errors in sshd, once -DGSSAPI is enabled,
> I guess these are real errors.

Attached is a diff of the changes I had to make to get ssh and sshd
compile with -DGSSAPI (and gssapi.h from heimdal), regardless of the
other problems (like missing lib folders, etc.).

This is for the BSD version of OpenSSH.



Markus