notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)Want a good monitor light? See my photosAll times are UTC		 Ukraine
I started running short on disk space for the non-production FreshPorts hosts. This time, I have decided to ask for donations. See my recent blog post which points to my Patreon account.
Port details on branch 2023Q3
krb5-121 MIT implementation of RFC 4120 network authentication service
1.21.2 security on this many watch lists=0 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 1.21.1_1Version of this port present on the latest quarterly branch.
Maintainer: cy@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2023-07-11 18:27:14
Last Update: 2023-08-16 15:31:24
Commit Hash: 06f56fb
License: MIT
WWW:
https://web.mit.edu/kerberos/
Description:
Kerberos V5 is an authentication system developed at MIT. Abridged from the User Guide: Under Kerberos, a client sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT, it keeps the decrypted TGT, which indicates proof of the client's identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already used to. Kerberos V5 is a single-sign-on system, which means that you have to type your password only once per session, and Kerberos does the authenticating and encrypting transparently. Jacques Vidrine <n@nectar.com>
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (185 items)
Collapse this list.
  1. @ldconfig
  2. /usr/local/share/licenses/krb5-121-1.21.2/catalog.mk
  3. /usr/local/share/licenses/krb5-121-1.21.2/LICENSE
  4. /usr/local/share/licenses/krb5-121-1.21.2/MIT
  5. bin/compile_et
  6. bin/gss-client
  7. bin/k5srvutil
  8. bin/kadmin
  9. bin/kdestroy
  10. bin/kinit
  11. bin/klist
  12. bin/kpasswd
  13. bin/krb5-config
  14. @mode 04755
  15. @owner root
  16. @group wheel
  17. bin/ksu
  18. @mode
  19. @owner root
  20. @group wheel
  21. bin/kswitch
  22. bin/ktutil
  23. bin/kvno
  24. bin/sclient
  25. bin/sim_client
  26. bin/uuclient
  27. include/com_err.h
  28. include/gssapi.h
  29. include/gssapi/gssapi.h
  30. include/gssapi/gssapi_alloc.h
  31. include/gssapi/gssapi_ext.h
  32. include/gssapi/gssapi_generic.h
  33. include/gssapi/gssapi_krb5.h
  34. include/gssapi/mechglue.h
  35. include/gssrpc/auth.h
  36. include/gssrpc/auth_gss.h
  37. include/gssrpc/auth_gssapi.h
  38. include/gssrpc/auth_unix.h
  39. include/gssrpc/clnt.h
  40. include/gssrpc/netdb.h
  41. include/gssrpc/pmap_clnt.h
  42. include/gssrpc/pmap_prot.h
  43. include/gssrpc/pmap_rmt.h
  44. include/gssrpc/rename.h
  45. include/gssrpc/rpc.h
  46. include/gssrpc/rpc_msg.h
  47. include/gssrpc/svc.h
  48. include/gssrpc/svc_auth.h
  49. include/gssrpc/types.h
  50. include/gssrpc/xdr.h
  51. include/krad.h
  52. include/krb5.h
  53. include/krb5/ccselect_plugin.h
  54. include/krb5/clpreauth_plugin.h
  55. include/krb5/hostrealm_plugin.h
  56. include/krb5/kadm5_hook_plugin.h
  57. include/krb5/kdcpolicy_plugin.h
  58. include/krb5/kdcpreauth_plugin.h
  59. include/krb5/localauth_plugin.h
  60. include/krb5/krb5.h
  61. include/krb5/locate_plugin.h
  62. include/krb5/plugin.h
  63. include/krb5/pwqual_plugin.h
  64. include/kadm5/admin.h
  65. include/kadm5/chpass_util_strings.h
  66. include/krb5/kadm5_auth_plugin.h
  67. include/kadm5/kadm_err.h
  68. include/kdb.h
  69. include/krb5/certauth_plugin.h
  70. include/krb5/preauth_plugin.h
  71. include/profile.h
  72. include/verto-module.h
  73. include/verto.h
  74. lib/libcom_err.so
  75. lib/libcom_err.so.3
  76. lib/libcom_err.so.3.0
  77. lib/libgssapi_krb5.so
  78. lib/libgssapi_krb5.so.2
  79. lib/libgssapi_krb5.so.2.2
  80. lib/libgssrpc.so
  81. lib/libgssrpc.so.4
  82. lib/libgssrpc.so.4.2
  83. lib/libk5crypto.so
  84. lib/libk5crypto.so.3
  85. lib/libk5crypto.so.3.1
  86. lib/libkadm5clnt.so
  87. lib/libkadm5clnt_mit.so
  88. lib/libkadm5clnt_mit.so.12
  89. lib/libkadm5clnt_mit.so.12.0
  90. lib/libkadm5srv.so
  91. lib/libkadm5srv_mit.so
  92. lib/libkadm5srv_mit.so.12
  93. lib/libkadm5srv_mit.so.12.0
  94. lib/libkdb5.so
  95. lib/libkdb5.so.10
  96. lib/libkdb5.so.10.0
  97. lib/libkrb5.so
  98. lib/libkrb5.so.3
  99. lib/libkrb5.so.3.3
  100. lib/libkrb5support.so
  101. lib/libkrb5support.so.0
  102. lib/libkrb5support.so.0.1
  103. lib/krb5/plugins/kdb/db2.so
  104. @comment lib/krb5/plugins/kdb/klmdb.so
  105. lib/krb5/plugins/tls/k5tls.so
  106. @comment lib/krb5/plugins/kdb/kldap.so
  107. lib/krb5/plugins/preauth/otp.so
  108. lib/krb5/plugins/preauth/pkinit.so
  109. lib/krb5/plugins/preauth/spake.so
  110. lib/krb5/plugins/preauth/test.so
  111. @comment lib/libkdb_ldap.so
  112. @comment lib/libkdb_ldap.so.1
  113. @comment lib/libkdb_ldap.so.1.0
  114. lib/libkrad.so
  115. lib/libkrad.so.0
  116. lib/libkrad.so.0.0
  117. lib/libverto.so
  118. lib/libverto.so.0
  119. lib/libverto.so.0.0
  120. libdata/pkgconfig/gssrpc.pc
  121. libdata/pkgconfig/kadm-client.pc
  122. libdata/pkgconfig/kadm-server.pc
  123. libdata/pkgconfig/kdb.pc
  124. libdata/pkgconfig/krb5-gssapi.pc
  125. libdata/pkgconfig/krb5.pc
  126. libdata/pkgconfig/mit-krb5-gssapi.pc
  127. libdata/pkgconfig/mit-krb5.pc
  128. man/man1/compile_et.1.gz
  129. man/man1/k5srvutil.1.gz
  130. man/man1/kadmin.1.gz
  131. man/man1/kdestroy.1.gz
  132. man/man1/kinit.1.gz
  133. man/man1/klist.1.gz
  134. man/man1/kpasswd.1.gz
  135. man/man1/krb5-config.1.gz
  136. man/man1/ksu.1.gz
  137. man/man1/kswitch.1.gz
  138. man/man1/ktutil.1.gz
  139. man/man1/kvno.1.gz
  140. man/man1/sclient.1.gz
  141. man/man5/.k5identity.5.gz
  142. man/man5/.k5login.5.gz
  143. man/man5/k5identity.5.gz
  144. man/man5/k5login.5.gz
  145. man/man5/kadm5.acl.5.gz
  146. man/man5/kdc.conf.5.gz
  147. man/man5/krb5.conf.5.gz
  148. man/man7/kerberos.7.gz
  149. man/man8/kadmin.local.8.gz
  150. man/man8/kadmind.8.gz
  151. man/man8/kdb5_ldap_util.8.gz
  152. man/man8/kdb5_util.8.gz
  153. man/man8/kprop.8.gz
  154. man/man8/kpropd.8.gz
  155. man/man8/kproplog.8.gz
  156. man/man8/krb5kdc.8.gz
  157. man/man8/sserver.8.gz
  158. sbin/gss-server
  159. sbin/kadmin.local
  160. sbin/kadmind
  161. @comment sbin/kdb5_ldap_util
  162. sbin/kdc
  163. sbin/kdb5_util
  164. sbin/kprop
  165. sbin/kpropd
  166. sbin/kproplog
  167. sbin/krb5-send-pr
  168. sbin/krb5kdc
  169. sbin/sim_server
  170. sbin/sserver
  171. sbin/uuserver
  172. share/et/et_c.awk
  173. share/et/et_h.awk
  174. share/locale/de/LC_MESSAGES/mit-krb5.mo
  175. share/locale/en_US/LC_MESSAGES/mit-krb5.mo
  176. share/locale/ka/LC_MESSAGES/mit-krb5.mo
  177. @comment share/krb5/kerberos.schema
  178. @comment share/krb5/kerberos.ldif
  179. @dir lib/krb5/plugins/authdata
  180. @dir lib/krb5/plugins/libkrb5
  181. @dir var/run/krb5kdc
  182. @dir var/krb5kdc
  183. @owner
  184. @group
  185. @mode
Collapse this list.
USE_RC_SUBR (Service Scripts)
  • no SUBR information found for this port
Dependency lines:
  • krb5-121>0:security/krb5-121
Conflicts:
CONFLICTS:
  • heimdal
  • krb5
  • krb5-11*
  • krb5-120
CONFLICTS_BUILD:
  • boringssl
To install the port:
cd /usr/ports/security/krb5-121/ && make install clean
To add the package, run one of these commands:
  • pkg install security/krb5-121
  • pkg install krb5-121
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: krb5-121
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1692194668 SHA256 (krb5-1.21.2.tar.gz) = 9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491 SIZE (krb5-1.21.2.tar.gz) = 8622513
Packages (timestamps in pop-ups are UTC):
krb5-121
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest1.21.3_11.21.3_1-1.21.3_11.21.3_1n/an/an/a
FreeBSD:13:quarterly1.21.3_11.21.3_11.21.21.21.3_11.21.3_1n/an/an/a
FreeBSD:14:latest1.21.3_11.21.3_1-1.21.3_11.21.3_11.21-1.21
FreeBSD:14:quarterly1.21.3_11.21.3_1-1.21.3_11.21.3_11.21.21.21.21.21.2
FreeBSD:15:latest1.21.3_11.21.3_1n/a1.21.3_1n/an/a1.21.2_31.21.2_3
FreeBSD:15:quarterly1.21.3_11.21.3_1n/a-n/an/a--
FreeBSD:16:latest1.21.3_11.21.3_1n/a-n/an/a--
 

krb5-ldap-121
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest1.21.3_11.21.3_1-1.21.3_11.21.3_1n/an/an/a
FreeBSD:13:quarterly1.21.3_11.21.3_1-1.21.3_11.21.3_1n/an/an/a
FreeBSD:14:latest1.21.3_11.21.3_1-1.21.3_11.21.3_1---
FreeBSD:14:quarterly1.21.3_11.21.3_1-1.21.3_11.21.3_1---
FreeBSD:15:latest1.21.3_11.21.3_1n/a1.21.3_1n/an/a-1.21.2_3
FreeBSD:15:quarterly1.21.3_11.21.3_1n/a-n/an/a--
FreeBSD:16:latest1.21.3_11.21.3_1n/a-n/an/a--
 

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.3 : devel/gmake
  2. libtool : devel/libtool
  3. pkgconf>=1.3.0_1 : devel/pkgconf
  4. msgfmt : devel/gettext-tools
  5. autoconf>=2.71 : devel/autoconf
  6. automake>=1.16.5 : devel/automake
  7. perl5>=5.32.r0<5.33 : lang/perl5.32
Library dependencies:
  1. libintl.so : devel/gettext-runtime
  2. libreadline.so.8 : devel/readline
There are no ports dependent upon this port
Configuration Options:
===> The following configuration options are available for krb5-121-1.21.2: DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names EXAMPLES=on: Build and/or install examples KRB5_HTML=on: Install krb5 HTML documentation KRB5_PDF=on: Install krb5 PDF documentation LDAP=off: LDAP protocol support LMDB=off: OpenLDAP Lightning Memory-Mapped Database support NLS=on: Native Language Support ====> Command line editing for kadmin and ktutil: you can only select none or one of them READLINE=on: Command line editing via libreadline LIBEDIT=off: Command line editing via libedit LIBEDIT_BASE=off: Use libedit in FreeBSD base ===> Use 'make config' to modify these settings
Options name:
security_krb5-121
USES:
autoreconf compiler:c++11-lang cpe gmake gettext-runtime gssapi:bootstrap,mit libtool:build localbase perl5 pkgconfig ssl gettext readline
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. http://web.mit.edu/kerberos/dist/krb5/1.21/
Collapse this list.

Number of commits found: 5

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
1.21.2
16 Aug 2023 15:31:24
commit hash: 06f56fb54dc5ca9a28b63f2bc84d3dbc1dc5192dcommit hash: 06f56fb54dc5ca9a28b63f2bc84d3dbc1dc5192dcommit hash: 06f56fb54dc5ca9a28b63f2bc84d3dbc1dc5192dcommit hash: 06f56fb54dc5ca9a28b63f2bc84d3dbc1dc5192d files touched by this commit		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Update to 1.21.2

Major changes in 1.21.2 (2023-08-14)
====================================

This is a bug fix release.

* Fix double-free in KDC TGS processing [CVE-2023-39975].

MFH:	2023Q3
(cherry picked from commit 8522ddedb83d4815964c9d2b4121980b187f4c53)
1.21.1_1
16 Aug 2023 15:31:24
commit hash: aa4e888e949e1a194441551cd28c33f9d0d72b22commit hash: aa4e888e949e1a194441551cd28c33f9d0d72b22commit hash: aa4e888e949e1a194441551cd28c33f9d0d72b22commit hash: aa4e888e949e1a194441551cd28c33f9d0d72b22 files touched by this commit		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Fix double-free in KDC TGS processing

Upstream's commit log message:

    When issuing a ticket for a TGS renew or validate request, copy only
    the server field from the outer part of the header ticket to the new
    ticket.  Copying the whole structure causes the enc_part pointer to be
    aliased to the header ticket until krb5_encrypt_tkt_part() is called,
    resulting in a double-free if handle_authdata() fails.

    [ghudson@mit.edu: changed the fix to avoid aliasing enc_part rather
    than check for aliasing before freeing; rewrote commit message]

    CVE-2023-39975:
(Only the first 15 lines of the commit message are shown above View all of this commit message)
1.21.1
16 Aug 2023 15:31:23
commit hash: 07dc31ec0710a7ab1e031b0423e73518c2b4d0dbcommit hash: 07dc31ec0710a7ab1e031b0423e73518c2b4d0dbcommit hash: 07dc31ec0710a7ab1e031b0423e73518c2b4d0dbcommit hash: 07dc31ec0710a7ab1e031b0423e73518c2b4d0db files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5: Support libedit in base

Even though libedit is in base FreeBSD, the krb5 ports still depend
on devel/libedit when the LIBEDIT option is selected. This is because
./configure uses pkgconf to determine if libedit exists, ignoring
libedit in FreeBSD base. This patch adds a new LIBEDIT_BASE option
which enables LIBEDIT (LIBEDIT_BASE) without installing the
devel/libedit port.

The GNU READLINE option will remain the default for now but it is
planned to switch the default to LIBEDIT_BASE at some point. This is
to reduce the dependency on GNU software and to bring it more into
line with the planned MIT KRB5 import into FreeBSD base.

(cherry picked from commit e89f84156a8fcb2f81c1f962845f4456b2f62f63)
1.21.1
16 Aug 2023 15:31:23
commit hash: 68803eb8cc9886c539e24ce36586d56c6143a5bdcommit hash: 68803eb8cc9886c539e24ce36586d56c6143a5bdcommit hash: 68803eb8cc9886c539e24ce36586d56c6143a5bdcommit hash: 68803eb8cc9886c539e24ce36586d56c6143a5bd files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5*: Disable NLS when option is deselected

When the NLS option is deselected, ./configure reverts to
enable_nls=check. As some prerequisites do require NLS, NLS is
always enabled even when deslected. This ensures that when NLS
is not wanted, that it is not used, regardless of its install status.

(cherry picked from commit 0b58b7b475e3100adfb3b532f2dfb9505e79bf83)
1.21.1
11 Jul 2023 18:25:33
commit hash: 785abdad74bb4364a3be784a18ec96f1595ff3b4commit hash: 785abdad74bb4364a3be784a18ec96f1595ff3b4commit hash: 785abdad74bb4364a3be784a18ec96f1595ff3b4commit hash: 785abdad74bb4364a3be784a18ec96f1595ff3b4 files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Update to 1.21.1

MFH:		2023Q3
(cherry picked from commit 200dd94d25137db6e1f06948c1894244b073465c)

Number of commits found: 5
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
chromiumOct 30
firefoxOct 30
ungoogled-chromiumOct 30
erlangOct 29
erlang-runtime26Oct 29
erlang-runtime27Oct 29
erlang-runtime28Oct 29
keaOct 29
kea-develOct 29
linux-c7-sqlite3Oct 29
py-dj51-social-auth-app-djangoOct 29
py-dj52-social-auth-app-djangoOct 29
py-social-auth-app-djangoOct 29
sqlite3Oct 29
linux-c7-sqlite3Oct 28

31 vulnerabilities affecting 285 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2025-10-30 21:38:05 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 33872
Broken 121
Deprecated 230
Ignore 241
Forbidden 0
Restricted 2
No CDROM 1
Vulnerable 39
Expired 11
Set to expire 171
Interactive 0
new 24 hours 10
new 48 hours12
new 7 days53
new fortnight96
new month218
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2025 Dan Langille. All rights reserved.