Building OpenSSH with Heimdal/Kerberos on OpenBSD
markus at blueflash.cc
Sat Mar 16 02:58:49 AEDT 2019
I'm new to openbsd to please excuse if some of the following questions
are stupid (I did google).
Am I supposed to build OpenSSH from the non-portable version with
Kerberos on a rather fresh install of OpenBSD 6.4?
I did download OpenSSH-7.9, followed instructions in README and it
I have installed heimdal via pkg_ad and have the commands and the libs
are in /usr/local/heimdal/libs. kinit works.
When I go to the ssh folder and edit the makefile to set kerberos=yes I
get errors. I had to change the kerberos include path add an LDFLAG to
point it to the heimdal lib folder.
Then it was missing choking on -lcom_err and I had to point it to
/usr/local/lib as well. (Meanwhile I had compiled heimdal from the
ports package, so I don't know if libcom_err.so was there in the first
place or came with the heimdal compile).
Then it turned out that gss-genr.c needed to be added to SRCS in the
I guess the lib paths may be my lack of understanding OpenBSD, but teh
missing source looks like a bug in the Makefile to me.
Similar things happened with sshd. Once I added the lib-paths and
include-paths, I got error messages. Essentially some include files were
missing in various files to make them compile, e.g. in gss-serv.c
I guess the missing paths are my fault one way or another, but I wonder
if I should compile it based on heimdal or (seening the different
include path originally pointing to "/usr/include/KerberosV") if I
should use a different kerberos package (self compiled MIT or something).
Also, judging from the compile errors in sshd, once -DGSSAPI is enabled,
I guess these are real errors.
So another question is, if it is so unusual to use OpenBSD with ssh and
Kerberos, that nobody tried it in a long time. Should I build the
portable version instead or what else should I do (make a patch, if so,
including the new lib paths?)
More information about the openssh-unix-dev