[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-security
Subject:    Re: CVS commit: src/usr.bin/passwd
From:       Greg Troxel <gdt () ir ! bbn ! com>
Date:       2013-02-13 23:11:45
Message-ID: rmiobfnajwu.fsf () fnord ! ir ! bbn ! com
[Download RAW message or body]


"Christos Zoulas" <christos@netbsd.org> writes:

> Module Name:	src
> Committed By:	christos
> Date:		Mon Feb 11 23:11:49 UTC 2013
>
> Modified Files:
> 	src/usr.bin/passwd: Makefile
>
> Log Message:
> don't build kpasswd; heimdal does it for us.

This change breaks the build of password with objects from before.
That's not that big a deal, but it also removes kerberos support from
passwd(1).  I can see that kpasswd(1) should not be a symlink to
passwd(1), but where was the discussion on removing kerberos5 support
From passwd?

To fix, I think the following should be applied.  There's no need to
have a kpasswd if heimdal isn't built, and given that it was usually
overridden I'd just call that a bug.

--- Makefile.~1.43.~	2013-02-13 08:47:37.000000000 -0500
+++ Makefile	2013-02-13 18:10:51.000000000 -0500
@@ -25,16 +25,12 @@ LDADD+= -lcrypt -lutil
 BINOWN=	root
 BINMODE=4555
 
-.ifdef OVERRIDE_HEIMDAL_KPASSWD
 .if (${USE_KERBEROS} != "no")
 CPPFLAGS+= -DKERBEROS5
 SRCS+=	krb5_passwd.c
 
 DPADD+=	${LIBKRB5} ${LIBCRYPTO} ${LIBASN1} ${LIBCOM_ERR} ${LIBROKEN} ${LIBCRYPT}
 LDADD+=	-lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lcrypt
-LINKS+=	${BINDIR}/passwd ${BINDIR}/kpasswd
-MAN+=	kpasswd.1
-.endif
 .endif
 
 .if (${USE_PAM} != "no")

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]