From nobody@FreeBSD.org  Mon Mar 10 18:28:37 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4FA101065670
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 18:28:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 3C7248FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 18:28:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m2AIPOKf041984
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 18:25:24 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m2AIPOgV041983;
	Mon, 10 Mar 2008 18:25:24 GMT
	(envelope-from nobody)
Message-Id: <200803101825.m2AIPOgV041983@www.freebsd.org>
Date: Mon, 10 Mar 2008 18:25:24 GMT
From: Randy Reitz <rreitz@fnal.gov>
To: freebsd-gnats-submit@FreeBSD.org
Subject: port 'krb5' (MIT Kerberos) generates non-working ksu
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         121573
>Category:       ports
>Synopsis:       security/krb5 (MIT Kerberos) generates non-working ksu
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    cy
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 10 18:30:03 UTC 2008
>Closed-Date:    Wed May 04 04:30:45 UTC 2011
>Last-Modified:  Wed May 04 04:30:45 UTC 2011
>Originator:     Randy Reitz
>Release:        7.0-RELEASE
>Organization:
Fermilab
>Environment:
FreeBSD dtmb.dhcp.fnal.gov 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
I needed to install the krb5 port so that the kadmin client would work with the MIT KDCs installed at Fermilab.  I found that the krb5 port ksu command generates the error...

[rreitz@dtmb ~]$ ksu
/libexec/ld-elf.so.1: /usr/lib/libkrb5.so: Undefined symbol "initialize_asn1_error_table_r"
[rreitz@dtmb ~]$ which ksu
/usr/local/bin/ksu

Once I installed the krb5 port, I had to set LD_LIBRARY_PATH=/usr/local/lib in order to get the clients (kinit, klist, etc) working.  However, since krb5 is suid root, the LD_LIBRARY_PATH environment is ignored. Looking at the ksu, I see the libkrb5.so from the default Heimdal Kerberos is being called...

[rreitz@dtmb ~]$ ldd /usr/local/bin/ksu
/usr/local/bin/ksu:
	libkrb5.so => /usr/lib/libkrb5.so (0x2808f000)
	libk5crypto.so => /usr/local/lib/libk5crypto.so (0x280c9000)
	libcom_err.so => /usr/lib/libcom_err.so (0x280ed000)
	libkrb5support.so => /usr/local/lib/libkrb5support.so (0x280ef000)
	libc.so.7 => /lib/libc.so.7 (0x280f7000)



>How-To-Repeat:
Install the krb5 port on a clean FreeBSD 7.0-RELEASE install (developer).  Run ksu.
>Fix:
- provide a way to remove the default Heimdal Kerberos, or

- Add LDFLAGS to top level makefile ...
CONFIGURE_ENV=          INSTALL="${INSTALL}" YACC=/usr/bin/yacc \
                        CFLAGS="${CFLAGS}" \
                        LDFLAGS="-rpath /usr/local/lib"   <-- add this line
and
- fix the Makefile (or Makefile.in) in /usr/ports/security/krb5/work/krb5-1.6.3/src/clients/ksu so the LDFLAGS is correct.  It's currently ...
LDFLAGS =  -rpath=/usr/lib:/usr/local/lib
I can't follow configure to understand where this line originates.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->cy 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Mon Mar 10 21:36:27 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121573 

From: Cy Schubert <Cy.Schubert@komquats.com>
To: bug-followup@FreeBSD.org, rreitz@fnal.gov
Cc:  
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Mon, 10 Mar 2008 16:17:52 -0700

 What is your ldconfig_paths set to in rc.conf?
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 			e**(i*pi)+1=0
 
 

From: Randolph Reitz <rreitz@fnal.gov>
To: Cy Schubert <Cy.Schubert@komquats.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Mon, 10 Mar 2008 21:20:07 -0500

 On Mar 10, 2008, at 6:17 PM, Cy Schubert wrote:
 
 > What is your ldconfig_paths set to in rc.conf?
 >
 >
 > --  
 > Cheers,
 > Cy Schubert <Cy.Schubert@komquats.com>
 > FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 >
 > 			e**(i*pi)+1=0
 >
 >
 
 The rc.conf is fresh from the developer install...
 
 [rreitz@dtmb ~]$ cat /etc/rc.conf
 
 # -- sysinstall generated deltas -- # Wed Mar  5 06:54:20 2008
 # Created: Wed Mar  5 06:54:20 2008
 # Enable network daemons for user convenience.
 # Please make all changes to this file, not to /etc/defaults/rc.conf.
 # This file now contains just the overrides from /etc/defaults/rc.conf.
 font8x14="NO"
 font8x16="swiss-8x16"
 font8x8="swiss-8x8"
 hostname="dtmb.dhcp.fnal.gov"
 ifconfig_bge0="DHCP"
 inetd_enable="NO"
 linux_enable="YES"
 moused_enable="YES"
 moused_type="auto"
 allscreens_flags=MODE_30
 # sshd
 sshd_enable="YES"
 # ntp
 ntpd_enable="YES"
 ntpd_flags=""
 ntpdate_enable="YES"
 ntpdate_flags="-s -v 131.225.87.200"
 
 I added the lines for sshd and ntp and the allscreens_flags.  There is  
 no ldconfig_paths entry.
 
 Randy
 

From: Cy Schubert <Cy.Schubert@komquats.com>
To: Randolph Reitz <rreitz@fnal.gov>
Cc: Cy Schubert <Cy.Schubert@komquats.com>, bug-followup@FreeBSD.org
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Tue, 11 Mar 2008 09:20:35 -0700

 In message <CA6CF5BB-89E0-4E62-9EE3-86805BA400DF@fnal.gov>, Randolph Reitz 
 writ
 es:
 > 
 > On Mar 10, 2008, at 6:17 PM, Cy Schubert wrote:
 > 
 > > What is your ldconfig_paths set to in rc.conf?
 > >
 > >
 > > --  
 > > Cheers,
 > > Cy Schubert <Cy.Schubert@komquats.com>
 > > FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 > >
 > > 			e**(i*pi)+1=0
 > >
 > >
 > 
 > The rc.conf is fresh from the developer install...
 > 
 > [rreitz@dtmb ~]$ cat /etc/rc.conf
 > 
 > # -- sysinstall generated deltas -- # Wed Mar  5 06:54:20 2008
 > # Created: Wed Mar  5 06:54:20 2008
 > # Enable network daemons for user convenience.
 > # Please make all changes to this file, not to /etc/defaults/rc.conf.
 > # This file now contains just the overrides from /etc/defaults/rc.conf.
 > font8x14="NO"
 > font8x16="swiss-8x16"
 > font8x8="swiss-8x8"
 > hostname="dtmb.dhcp.fnal.gov"
 > ifconfig_bge0="DHCP"
 > inetd_enable="NO"
 > linux_enable="YES"
 > moused_enable="YES"
 > moused_type="auto"
 > allscreens_flags=MODE_30
 > # sshd
 > sshd_enable="YES"
 > # ntp
 > ntpd_enable="YES"
 > ntpd_flags=""
 > ntpdate_enable="YES"
 > ntpdate_flags="-s -v 131.225.87.200"
 > 
 > I added the lines for sshd and ntp and the allscreens_flags.  There is  
 > no ldconfig_paths entry.
 > 
 > Randy
 
 It's been a while since I've done an install from CD or network. Could you 
 please grep ldconfig_paths /etc/defaults/rc.conf for me. Thanks.
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 			e**(i*pi)+1=0
 
 

From: Randolph Reitz <rreitz@fnal.gov>
To: Cy Schubert <Cy.Schubert@komquats.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Tue, 11 Mar 2008 11:33:04 -0500

 On Mar 11, 2008, at   11:20, Cy Schubert wrote:
 
 > In message <CA6CF5BB-89E0-4E62-9EE3-86805BA400DF@fnal.gov>, Randolph  
 > Reitz
 > writ
 > es:
 >>
 >> On Mar 10, 2008, at 6:17 PM, Cy Schubert wrote:
 >>
 >>> What is your ldconfig_paths set to in rc.conf?
 >>>
 >>>
 >>> --  
 >>> Cheers,
 >>> Cy Schubert <Cy.Schubert@komquats.com>
 >>> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 >>>
 >>> 			e**(i*pi)+1=0
 >>>
 >>>
 >>
 >> The rc.conf is fresh from the developer install...
 >>
 >> [rreitz@dtmb ~]$ cat /etc/rc.conf
 >>
 >> # -- sysinstall generated deltas -- # Wed Mar  5 06:54:20 2008
 >> # Created: Wed Mar  5 06:54:20 2008
 >> # Enable network daemons for user convenience.
 >> # Please make all changes to this file, not to /etc/defaults/rc.conf.
 >> # This file now contains just the overrides from /etc/defaults/ 
 >> rc.conf.
 >> font8x14="NO"
 >> font8x16="swiss-8x16"
 >> font8x8="swiss-8x8"
 >> hostname="dtmb.dhcp.fnal.gov"
 >> ifconfig_bge0="DHCP"
 >> inetd_enable="NO"
 >> linux_enable="YES"
 >> moused_enable="YES"
 >> moused_type="auto"
 >> allscreens_flags=MODE_30
 >> # sshd
 >> sshd_enable="YES"
 >> # ntp
 >> ntpd_enable="YES"
 >> ntpd_flags=""
 >> ntpdate_enable="YES"
 >> ntpdate_flags="-s -v 131.225.87.200"
 >>
 >> I added the lines for sshd and ntp and the allscreens_flags.  There  
 >> is
 >> no ldconfig_paths entry.
 >>
 >> Randy
 >
 > It's been a while since I've done an install from CD or network.  
 > Could you
 > please grep ldconfig_paths /etc/defaults/rc.conf for me. Thanks.
 
 [root@dtmb ~]# egrep ldconfig /etc/defaults/rc.conf
 ldconfig_insecure="NO"	# Set to YES to disable ldconfig security checks
 ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/ 
 pkg"
 ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library  
 search paths
 ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
 ldconfig_local_dirs="/usr/local/libdata/ldconfig"
 			# Local directories with ldconfig configuration files.
 ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
 			# Local directories with 32-bit compatibility ldconfig
 
 Yea, I forgot about the defaults.
 
 Randy
 >
 >
 >
 > -- 
 > Cheers,
 > Cy Schubert <Cy.Schubert@komquats.com>
 > FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 >
 > 			e**(i*pi)+1=0
 >
 >
 

From: Cy Schubert <Cy.Schubert@komquats.com>
To: Randolph Reitz <rreitz@fnal.gov>
Cc: bug-followup <bug-followup@freebsd.org>
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Tue, 11 Mar 2008 22:35:08 -0700

 In message <F2E25468-24A5-434A-B9D9-17081CF7E249@fnal.gov>, Randolph Reitz 
 writ
 es:
 > 
 > On Mar 11, 2008, at   11:45, Cy Schubert wrote:
 > 
 > > In message <200803111640.m2BGe2Ir040267@freefall.freebsd.org>,  
 > > Randolph
 > > Reitz w
 > > rites:
 > >> The following reply was made to PR ports/121573; it has been noted  
 > >> by GNATS.
 > >>
 > >> From: Randolph Reitz <rreitz@fnal.gov>
 > >> To: Cy Schubert <Cy.Schubert@komquats.com>
 > >> Cc: bug-followup@FreeBSD.org
 > >> Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates  
 > >> non-working
 > >> ksu
 > >> Date: Tue, 11 Mar 2008 11:33:04 -0500
 > >>
 > >> On Mar 11, 2008, at   11:20, Cy Schubert wrote:
 > >>
 > >>> In message <CA6CF5BB-89E0-4E62-9EE3-86805BA400DF@fnal.gov>, Randolph
 > >>> Reitz
 > >>> writ
 > >>> es:
 > >>>>
 > >>>> On Mar 10, 2008, at 6:17 PM, Cy Schubert wrote:
 > >>>>
 > >>>>> What is your ldconfig_paths set to in rc.conf?
 > >>>>>
 > >>>>>
 > >>>>> --  
 > >>>>> Cheers,
 > >>>>> Cy Schubert <Cy.Schubert@komquats.com>
 > >>>>> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 > >>>>>
 > >>>>> 			e**(i*pi)+1=0
 > >>>>>
 > >>>>>
 > >>>>
 > >>>> The rc.conf is fresh from the developer install...
 > >>>>
 > >>>> [rreitz@dtmb ~]$ cat /etc/rc.conf
 > >>>>
 > >>>> # -- sysinstall generated deltas -- # Wed Mar  5 06:54:20 2008
 > >>>> # Created: Wed Mar  5 06:54:20 2008
 > >>>> # Enable network daemons for user convenience.
 > >>>> # Please make all changes to this file, not to /etc/defaults/ 
 > >>>> rc.conf.
 > >>>> # This file now contains just the overrides from /etc/defaults/
 > >>>> rc.conf.
 > >>>> font8x14="NO"
 > >>>> font8x16="swiss-8x16"
 > >>>> font8x8="swiss-8x8"
 > >>>> hostname="dtmb.dhcp.fnal.gov"
 > >>>> ifconfig_bge0="DHCP"
 > >>>> inetd_enable="NO"
 > >>>> linux_enable="YES"
 > >>>> moused_enable="YES"
 > >>>> moused_type="auto"
 > >>>> allscreens_flags=MODE_30
 > >>>> # sshd
 > >>>> sshd_enable="YES"
 > >>>> # ntp
 > >>>> ntpd_enable="YES"
 > >>>> ntpd_flags=""
 > >>>> ntpdate_enable="YES"
 > >>>> ntpdate_flags="-s -v 131.225.87.200"
 > >>>>
 > >>>> I added the lines for sshd and ntp and the allscreens_flags.  There
 > >>>> is
 > >>>> no ldconfig_paths entry.
 > >>>>
 > >>>> Randy
 > >>>
 > >>> It's been a while since I've done an install from CD or network.
 > >>> Could you
 > >>> please grep ldconfig_paths /etc/defaults/rc.conf for me. Thanks.
 > >>
 > >> [root@dtmb ~]# egrep ldconfig /etc/defaults/rc.conf
 > >> ldconfig_insecure="NO"	# Set to YES to disable ldconfig security  
 > >> check
 > >> s
 > >> ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/
 > >> pkg"
 > >> ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library
 > >> search paths
 > >> ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
 > >> ldconfig_local_dirs="/usr/local/libdata/ldconfig"
 > >> 			# Local directories with ldconfig configuration files.
 > >> ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
 > >> 			# Local directories with 32-bit compatibility ldconfig
 > >>
 > >> Yea, I forgot about the defaults.
 > >>
 > >> Randy
 > >
 > > Not a problem. I'll get a chance to poke around at this at home  
 > > tonight.
 > > I'm not experiencing this problem at home or here at the BC Government
 > > Datacentre, so this will require a bit of investigation.
 > >
 > > BTW, what platform are you running on? i386, amd64? I can only test  
 > > on i386
 > > and amd64 at home and my FreeBSD sparc testbed here at work died a few
 > > months ago.
 > >
 > >
 > I've got ...
 > [root@dtmb ~]# uname -a
 > FreeBSD dtmb.dhcp.fnal.gov 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb  
 > 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/ 
 > sys/GENERIC  i386
 > 
 > The processors are AMD dual-cores and there are two, so it's a dual- 
 > dual=4 cores.
 
 Randy,
 
 I managed to build and install a virgin install of krb5 on my testbed. Here 
 is my ldd output:
 
 bob$ ldd /usr/local/bin/ksu
 /usr/local/bin/ksu:
 	libkrb5.so => /usr/local/lib/libkrb5.so (0x28090000)
 	libk5crypto.so => /usr/local/lib/libk5crypto.so (0x28146000)
 	libcom_err.so => /usr/local/lib/libcom_err.so (0x28170000)
 	libkrb5support.so => /usr/local/lib/libkrb5support.so (0x28177000)
 	libc.so.7 => /lib/libc.so.7 (0x28181000)
 bob$ 
 
 Could you send me a copy of /etc/rc.conf and /etc/defaults/rc.conf. Thanks.
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 			e**(i*pi)+1=0
 
 

From: Randolph Reitz <rreitz@fnal.gov>
To: Cy Schubert <Cy.Schubert@komquats.com>
Cc: bug-followup <bug-followup@freebsd.org>
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Wed, 12 Mar 2008 13:48:43 -0500

 On Mar 12, 2008, at   12:35, Cy Schubert wrote:
 
 > In message <F2E25468-24A5-434A-B9D9-17081CF7E249@fnal.gov>, Randolph  
 > Reitz
 > writ
 > es:
 >>
 >> On Mar 11, 2008, at   11:45, Cy Schubert wrote:
 >>
 >>> In message <200803111640.m2BGe2Ir040267@freefall.freebsd.org>,
 >>> Randolph
 >>> Reitz w
 >>> rites:
 >>>> The following reply was made to PR ports/121573; it has been noted
 >>>> by GNATS.
 >>>>
 >>>> From: Randolph Reitz <rreitz@fnal.gov>
 >>>> To: Cy Schubert <Cy.Schubert@komquats.com>
 >>>> Cc: bug-followup@FreeBSD.org
 >>>> Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates
 >>>> non-working
 >>>> ksu
 >>>> Date: Tue, 11 Mar 2008 11:33:04 -0500
 >>>>
 >>>> On Mar 11, 2008, at   11:20, Cy Schubert wrote:
 >>>>
 >>>>> In message <CA6CF5BB-89E0-4E62-9EE3-86805BA400DF@fnal.gov>,  
 >>>>> Randolph
 >>>>> Reitz
 >>>>> writ
 >>>>> es:
 >>>>>>
 >>>>>> On Mar 10, 2008, at 6:17 PM, Cy Schubert wrote:
 >>>>>>
 >>>>>>> What is your ldconfig_paths set to in rc.conf?
 >>>>>>>
 >>>>>>>
 >>>>>>> --  
 >>>>>>> Cheers,
 >>>>>>> Cy Schubert <Cy.Schubert@komquats.com>
 >>>>>>> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 >>>>>>>
 >>>>>>> 			e**(i*pi)+1=0
 >>>>>>>
 >>>>>>>
 >>>>>>
 >>>>>> The rc.conf is fresh from the developer install...
 >>>>>>
 >>>>>> [rreitz@dtmb ~]$ cat /etc/rc.conf
 >>>>>>
 >>>>>> # -- sysinstall generated deltas -- # Wed Mar  5 06:54:20 2008
 >>>>>> # Created: Wed Mar  5 06:54:20 2008
 >>>>>> # Enable network daemons for user convenience.
 >>>>>> # Please make all changes to this file, not to /etc/defaults/
 >>>>>> rc.conf.
 >>>>>> # This file now contains just the overrides from /etc/defaults/
 >>>>>> rc.conf.
 >>>>>> font8x14="NO"
 >>>>>> font8x16="swiss-8x16"
 >>>>>> font8x8="swiss-8x8"
 >>>>>> hostname="dtmb.dhcp.fnal.gov"
 >>>>>> ifconfig_bge0="DHCP"
 >>>>>> inetd_enable="NO"
 >>>>>> linux_enable="YES"
 >>>>>> moused_enable="YES"
 >>>>>> moused_type="auto"
 >>>>>> allscreens_flags=MODE_30
 >>>>>> # sshd
 >>>>>> sshd_enable="YES"
 >>>>>> # ntp
 >>>>>> ntpd_enable="YES"
 >>>>>> ntpd_flags=""
 >>>>>> ntpdate_enable="YES"
 >>>>>> ntpdate_flags="-s -v 131.225.87.200"
 >>>>>>
 >>>>>> I added the lines for sshd and ntp and the allscreens_flags.   
 >>>>>> There
 >>>>>> is
 >>>>>> no ldconfig_paths entry.
 >>>>>>
 >>>>>> Randy
 >>>>>
 >>>>> It's been a while since I've done an install from CD or network.
 >>>>> Could you
 >>>>> please grep ldconfig_paths /etc/defaults/rc.conf for me. Thanks.
 >>>>
 >>>> [root@dtmb ~]# egrep ldconfig /etc/defaults/rc.conf
 >>>> ldconfig_insecure="NO"	# Set to YES to disable ldconfig security
 >>>> check
 >>>> s
 >>>> ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/ 
 >>>> compat/
 >>>> pkg"
 >>>> ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library
 >>>> search paths
 >>>> ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
 >>>> ldconfig_local_dirs="/usr/local/libdata/ldconfig"
 >>>> 			# Local directories with ldconfig configuration files.
 >>>> ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
 >>>> 			# Local directories with 32-bit compatibility ldconfig
 >>>>
 >>>> Yea, I forgot about the defaults.
 >>>>
 >>>> Randy
 >>>
 >>> Not a problem. I'll get a chance to poke around at this at home
 >>> tonight.
 >>> I'm not experiencing this problem at home or here at the BC  
 >>> Government
 >>> Datacentre, so this will require a bit of investigation.
 >>>
 >>> BTW, what platform are you running on? i386, amd64? I can only test
 >>> on i386
 >>> and amd64 at home and my FreeBSD sparc testbed here at work died a  
 >>> few
 >>> months ago.
 >>>
 >>>
 >> I've got ...
 >> [root@dtmb ~]# uname -a
 >> FreeBSD dtmb.dhcp.fnal.gov 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun  
 >> Feb
 >> 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/
 >> sys/GENERIC  i386
 >>
 >> The processors are AMD dual-cores and there are two, so it's a dual-
 >> dual=4 cores.
 >
 > Randy,
 >
 > I managed to build and install a virgin install of krb5 on my  
 > testbed. Here
 > is my ldd output:
 >
 > bob$ ldd /usr/local/bin/ksu
 > /usr/local/bin/ksu:
 > 	libkrb5.so => /usr/local/lib/libkrb5.so (0x28090000)
 > 	libk5crypto.so => /usr/local/lib/libk5crypto.so (0x28146000)
 > 	libcom_err.so => /usr/local/lib/libcom_err.so (0x28170000)
 > 	libkrb5support.so => /usr/local/lib/libkrb5support.so (0x28177000)
 > 	libc.so.7 => /lib/libc.so.7 (0x28181000)
 > bob$
 >
 > Could you send me a copy of /etc/rc.conf and /etc/defaults/rc.conf.  
 > Thanks.
 >
 Here are the conf files...
 
 [rreitz@brevix ~]$ ssh -l root dtmb.dhcp.fnal.gov
 Warning: No xauth data; using fake authentication data for X11  
 forwarding.
 Last login: Tue Mar 11 11:30:45 2008 from brevix.dhcp.fna
 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
 	The Regents of the University of California.  All rights reserved.
 
 FreeBSD 7.0-RELEASE (GENERIC) #0: Sun Feb 24 19:59:52 UTC 2008
 
 Welcome to FreeBSD!
 
 Before seeking technical support, please use the following resources:
 
 o  Security advisories and updated errata information for all releases  
 are
     at http://www.FreeBSD.org/releases/ - always consult the ERRATA  
 section
     for your release first as it's updated frequently.
 
 o  The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
     along with the mailing lists, can be searched by going to
     http://www.FreeBSD.org/search/.  If the doc distribution has
     been installed, they're also available formatted in /usr/share/doc.
 
 If you still have a question or problem, please take the output of
 `uname -a', along with any relevant error messages, and email it
 as a question to the questions@FreeBSD.org mailing list.  If you are
 unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
 manual page.  If you are not familiar with manual pages, type `man man'.
 
 You may also use sysinstall(8) to re-enter the installation and
 configuration utility.  Edit /etc/motd to change this login  
 announcement.
 
 [root@dtmb ~]# cat /etc/rc.conf
 
 # -- sysinstall generated deltas -- # Wed Mar  5 06:54:20 2008
 # Created: Wed Mar  5 06:54:20 2008
 # Enable network daemons for user convenience.
 # Please make all changes to this file, not to /etc/defaults/rc.conf.
 # This file now contains just the overrides from /etc/defaults/rc.conf.
 font8x14="NO"
 font8x16="swiss-8x16"
 font8x8="swiss-8x8"
 hostname="dtmb.dhcp.fnal.gov"
 ifconfig_bge0="DHCP"
 inetd_enable="NO"
 linux_enable="YES"
 moused_enable="YES"
 moused_type="auto"
 allscreens_flags=MODE_30
 # sshd
 sshd_enable="YES"
 # ntp
 ntpd_enable="YES"
 ntpd_flags=""
 ntpdate_enable="YES"
 ntpdate_flags="-s -v 131.225.87.200"
 [root@dtmb ~]# cat /etc/defaults/rc.conf
 #!/bin/sh
 
 # This is rc.conf - a file full of useful variables that you can set
 # to change the default startup behavior of your system.  You should
 # not edit this file!  Put any overrides into one of the $ 
 {rc_conf_files}
 # instead and you will be able to update these defaults later without
 # spamming your local configuration information.
 #
 # The ${rc_conf_files} files should only contain values which override
 # values set in this file.  This eases the upgrade path when defaults
 # are changed and new features are added.
 #
 # All arguments must be in double or single quotes.
 #
 # For a more detailed explanation of all the rc.conf variables, please
 # refer to the rc.conf(5) manual page.
 #
 # $FreeBSD: src/etc/defaults/rc.conf,v 1.318.2.1.2.2 2008/01/29  
 00:22:33 dougb Exp $
 
 ##############################################################
 ###  Important initial Boot-time options  ####################
 ##############################################################
 
 rc_debug="NO"		# Set to YES to enable debugging output from rc.d
 rc_info="NO"		# Enables display of informational messages at boot.
 rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
 early_late_divider="FILESYSTEMS"	# Script that separates early/late
 			# stages of the boot process.  Make sure you know
 			# the ramifications if you change this.
 			# See rc.conf(5) for more details.
 
 swapfile="NO"		# Set to name of swapfile if aux swapfile desired.
 apm_enable="NO"		# Set to YES to enable APM BIOS functions (or NO).
 apmd_enable="NO"	# Run apmd to handle APM event from userland.
 apmd_flags=""		# Flags to apmd (if enabled).
 devd_enable="YES" 	# Run devd, to trigger programs on device tree  
 changes.
 devd_flags=""		# Additional flags for devd(8).
 kldxref_enable="NO"	# Build linker.hints files with kldxref(8).
 kldxref_clobber="NO"	# Overwrite old linker.hints at boot.
 kldxref_module_path=""	# Override kern.module_path. A ';'-delimited  
 list.
 powerd_enable="NO" 	# Run powerd to lower our power usage.
 powerd_flags=""		# Flags to powerd (if enabled).
 tmpmfs="AUTO"		# Set to YES to always create an mfs /tmp, NO to never
 tmpsize="20m"		# Size of mfs /tmp if created
 tmpmfs_flags="-S"	# Extra mdmfs options for the mfs /tmp
 varmfs="AUTO"		# Set to YES to always create an mfs /var, NO to never
 varsize="32m"		# Size of mfs /var if created
 varmfs_flags="-S"	# Extra mount options for the mfs /var
 populate_var="AUTO"	# Set to YES to always (re)populate /var, NO to  
 never
 cleanvar_enable="YES" 	# Clean the /var directory
 local_startup="/usr/local/etc/rc.d" # startup script dirs.
 script_name_sep=" "	# Change if your startup scripts' names contain  
 spaces
 rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
 
 # ZFS support
 zfs_enable="NO"		# Set to YES to automatically mount ZFS file systems
 
 # Experimental - test before enabling
 gbde_autoattach_all="NO" # YES automatically mounts gbde devices from  
 fstab
 gbde_devices="NO" 	# Devices to automatically attach (list, or AUTO)
 gbde_attach_attempts="3" # Number of times to attempt attaching gbde  
 devices
 gbde_lockdir="/etc"	# Where to look for gbde lockfiles
 
 # GELI disk encryption configuration.
 geli_devices=""		# List of devices to automatically attach in addition  
 to
 			# GELI devices listed in /etc/fstab.
 geli_tries=""		# Number of times to attempt attaching geli device.
 			# If empty, kern.geom.eli.tries will be used.
 geli_default_flags=""	# Default flags for geli(8).
 geli_autodetach="YES"	# Automatically detach on last close.
 			# Providers are marked as such when all file systems are
 			# mounted.
 # Example use.
 #geli_devices="da1 mirror/home"
 #geli_da1_flags="-p -k /etc/geli/da1.keys"
 #geli_da1_autodetach="NO"
 #geli_mirror_home_flags="-k /etc/geli/home.keys"
 
 geli_swap_flags="-e aes -l 256 -s 4096 -d"	# Options for GELI-encrypted
 						# swap partitions.
 
 root_rw_mount="YES"	# Set to NO to inhibit remounting root read-write.
 fsck_y_enable="NO"	# Set to YES to do fsck -y if the initial preen  
 fails.
 background_fsck="YES"	# Attempt to run fsck in the background where  
 possible.
 background_fsck_delay="60" # Time to wait (seconds) before starting  
 the fsck.
 netfs_types="nfs:NFS nfs4:NFS4 smbfs:SMB portalfs:PORTAL nwfs:NWFS" #  
 Net filesystems.
 extra_netfs_types="NO"	# List of network extra filesystem types for  
 delayed
 			# mount at startup (or NO).
 
 ##############################################################
 ###  Network configuration sub-section  ######################
 ##############################################################
 
 ### Basic network and firewall/security options: ###
 hostname=""			# Set this!
 hostid_enable="YES"		# Set host UUID.
 hostid_file="/etc/hostid"	# File with hostuuid.
 nisdomainname="NO"		# Set to NIS domain if using NIS (or NO).
 dhclient_program="/sbin/dhclient"	# Path to dhcp client program.
 dhclient_flags=""		# Extra flags to pass to dhcp client.
 #dhclient_flags_fxp0=""		# Extra dhclient flags for fxp0 only
 background_dhclient="NO"	# Start dhcp client in the background.
 #background_dhclient_fxp0="YES"	# Start dhcp client on fxp0 in the  
 background.
 synchronous_dhclient="YES"	# Start dhclient directly on configured
 				# interfaces during startup.
 firewall_enable="NO"		# Set to YES to enable firewall functionality
 firewall_script="/etc/rc.firewall" # Which script to run to set up the  
 firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
 firewall_myservices=""		# List of TCP ports on which this host
 				#  offers services
 firewall_allowservices=""	# List of IPs which has access to
 				#  $firewall_myservices
 firewall_trusted=""		# List of IPs which has full access to this host
 firewall_logdeny="NO"		# Set to YES to log default denied incoming
 				#  packets.
 firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/ 
 UDP ports
 				#  for which denied incoming packets are not
 				#  logged.
 ip_portrange_first="NO"		# Set first dynamically allocated port
 ip_portrange_last="NO"		# Set last dynamically allocated port
 ike_enable="NO"			# Enable IKE daemon (usually racoon or isakmpd)
 ike_program="/usr/local/sbin/isakmpd"	# Path to IKE daemon
 ike_flags=""			# Additional flags for IKE daemon
 ipsec_enable="NO"		# Set to YES to run setkey on ipsec_file
 ipsec_file="/etc/ipsec.conf"	# Name of config file for setkey
 natd_program="/sbin/natd"	# path to natd, if you want a different one.
 natd_enable="NO"		# Enable natd (if firewall_enable == YES).
 natd_interface=""		# Public interface or IPaddress to use.
 natd_flags=""			# Additional flags for natd.
 ipfilter_enable="NO"		# Set to YES to enable ipfilter functionality
 ipfilter_program="/sbin/ipf"	# where the ipfilter program lives
 ipfilter_rules="/etc/ipf.rules"	# rules definition file for ipfilter,  
 see
 				# /usr/src/contrib/ipfilter/rules for examples
 ipfilter_flags=""		# additional flags for ipfilter
 ipnat_enable="NO"		# Set to YES to enable ipnat functionality
 ipnat_program="/sbin/ipnat"	# where the ipnat program lives
 ipnat_rules="/etc/ipnat.rules"	# rules definition file for ipnat
 ipnat_flags=""			# additional flags for ipnat
 ipmon_enable="NO"		# Set to YES for ipmon; needs ipfilter or ipnat
 ipmon_program="/sbin/ipmon"	# where the ipfilter monitor program lives
 ipmon_flags="-Ds"		# typically "-Ds" or "-D /var/log/ipflog"
 ipfs_enable="NO"		# Set to YES to enable saving and restoring
 				# of state tables at shutdown and boot
 ipfs_program="/sbin/ipfs"	# where the ipfs program lives
 ipfs_flags=""			# additional flags for ipfs
 pf_enable="NO"			# Set to YES to enable packet filter (pf)
 pf_rules="/etc/pf.conf"		# rules definition file for pf
 pf_program="/sbin/pfctl"	# where the pfctl program lives
 pf_flags=""			# additional flags for pfctl
 pflog_enable="NO"		# Set to YES to enable packet filter logging
 pflog_logfile="/var/log/pflog"	# where pflogd should store the logfile
 pflog_program="/sbin/pflogd"	# where the pflogd program lives
 pflog_flags=""			# additional flags for pflogd
 ftpproxy_enable="NO"		# Set to YES to enable ftp-proxy(8) for pf
 ftpproxy_flags=""		# additional flags for ftp-proxy(8)
 pfsync_enable="NO"		# Expose pf state to other hosts for syncing
 pfsync_syncdev=""		# Interface for pfsync to work through
 pfsync_syncpeer=""		# IP address of pfsync peer host
 pfsync_ifconfig=""		# Additional options to ifconfig(8) for pfsync
 tcp_extensions="YES"		# Set to NO to turn off RFC1323 extensions.
 log_in_vain="0"			# >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).
 tcp_drop_synfin="NO"		# Set to YES to drop TCP packets with SYN+FIN
 				# NOTE: this violates the TCP specification
 icmp_drop_redirect="NO" 	# Set to YES to ignore ICMP REDIRECT packets
 icmp_log_redirect="NO"		# Set to YES to log ICMP REDIRECT packets
 network_interfaces="auto"	# List of network interfaces (or "auto").
 cloned_interfaces=""		# List of cloned network interfaces to create.
 #cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config.
 ifconfig_lo0="inet 127.0.0.1"	# default loopback device configuration.
 #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample  
 alias entry.
 #ifconfig_ed0_ipx="ipx 0x00010010"	# Sample IPX address family entry.
 #ifconfig_fxp0_name="net0"	# Change interface name from fxp0 to net0.
 #ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4  
 address entry.
 #
 #autobridge_interfaces="bridge0"	# List of bridges to check
 #autobridge_bridge0="tap* vlan0"	# Interface glob to automatically add  
 to the bridge
 #
 # If you have any sppp(4) interfaces above, you might also want to set
 # the following parameters.  Refer to spppcontrol(8) for their meaning.
 sppp_interfaces=""		# List of sppp interfaces.
 #sppp_interfaces="isp0"		# example: sppp over ISDN
 #spppconfig_isp0="authproto=chap myauthname=foo myauthsecret='top  
 secret' hisauthname=some-gw hisauthsecret='another secret'"
 gif_interfaces=""		# List of GIF tunnels.
 #gif_interfaces="gif0 gif1"	# Examples typically for a router.
 				# Choose correct tunnel addrs.
 #gifconfig_gif0="10.1.1.1 10.1.2.1"	# Examples typically for a router.
 #gifconfig_gif1="10.1.1.2 10.1.2.2"	# Examples typically for a router.
 fec_interfaces=""		# List of Fast EtherChannels.
 #fec_interfaces="fec0 fec1"
 #fecconfig_fec0="fxp0 dc0"	# Examples typically for two NICs
 #fecconfig_fec1="em0 em1 bge0 bge1"	# Examples typically for four NICs
 
 # User ppp configuration.
 ppp_enable="NO"		# Start user-ppp (or NO).
 ppp_program="/usr/sbin/ppp"	# Path to user-ppp program.
 ppp_mode="auto"		# Choice of "auto", "ddial", "direct" or "dedicated".
 			# For details see man page for ppp(8). Default is auto.
 ppp_nat="YES"		# Use PPP's internal network address translation or NO.
 ppp_profile="papchap"	# Which profile to use from /etc/ppp/ppp.conf.
 ppp_user="root"		# Which user to run ppp as
 
 # Start multiple instances of ppp at boot time
 #ppp_profile="profile1 profile2 profile3"	# Which profiles to use
 #ppp_profile1_mode="ddial"	# Override ppp mode for profile1
 #ppp_profile2_nat="NO"		# Override nat mode for profile2
 # profile3 uses default ppp_mode and ppp_nat
 
 ### Network daemon (miscellaneous) ###
 hostapd_enable="NO"		# Run hostap daemon.
 syslogd_enable="YES"		# Run syslog daemon (or NO).
 syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a  
 different one.
 syslogd_flags="-s"		# Flags to syslogd (if enabled).
 inetd_enable="NO"		# Run the network daemon dispatcher (YES/NO).
 inetd_program="/usr/sbin/inetd"	# path to inetd, if you want a  
 different one.
 inetd_flags="-wW -C 60"		# Optional flags to inetd
 #
 # named.  It may be possible to run named in a sandbox, man security for
 # details.
 #
 named_enable="NO"		# Run named, the DNS server (or NO).
 named_program="/usr/sbin/named"	# path to named, if you want a  
 different one.
 #named_flags="" 		# Flags for named
 named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
 named_uid="bind" 		# User to run named as
 named_chrootdir="/var/named"	# Chroot directory (or "" not to auto- 
 chroot it)
 named_chroot_autoupdate="YES"	# Automatically install/update chrooted
 				# components of named. See /etc/rc.d/named.
 named_symlink_enable="YES"	# Symlink the chrooted pid file
 
 #
 # kerberos. Do not run the admin daemons on slave servers
 #
 kerberos5_server_enable="NO"	# Run a kerberos 5 master server (or NO).
 kerberos5_server="/usr/libexec/kdc"	# path to kerberos 5 KDC
 kerberos5_server_flags="--detach"	# Additional flags to the kerberos 5  
 server
 kadmind5_server_enable="NO"	# Run kadmind (or NO)
 kadmind5_server="/usr/libexec/kadmind"	# path to kerberos 5 admin daemon
 kpasswdd_server_enable="NO"	# Run kpasswdd (or NO)
 kpasswdd_server="/usr/libexec/kpasswdd"	# path to kerberos 5 passwd  
 daemon
 
 rwhod_enable="NO"		# Run the rwho daemon (or NO).
 rwhod_flags=""			# Flags for rwhod
 rarpd_enable="NO"		# Run rarpd (or NO).
 rarpd_flags=""			# Flags to rarpd.
 bootparamd_enable="NO"		# Run bootparamd (or NO).
 bootparamd_flags=""		# Flags to bootparamd
 pppoed_enable="NO"		# Run the PPP over Ethernet daemon.
 pppoed_provider="*"		# Provider and ppp(8) config file entry.
 pppoed_flags="-P /var/run/pppoed.pid"	# Flags to pppoed (if enabled).
 pppoed_interface="fxp0"		# The interface that pppoed runs on.
 sshd_enable="NO"		# Enable sshd
 sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different  
 one.
 sshd_flags=""			# Additional flags for sshd.
 ftpd_enable="NO"		# Enable stand-alone ftpd.
 ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a  
 different one.
 ftpd_flags=""			# Additional flags to stand-alone ftpd.
 
 ### Network daemon (NFS): All need rpcbind_enable="YES" ###
 amd_enable="NO"			# Run amd service with $amd_flags (or NO).
 amd_program="/usr/sbin/amd"	# path to amd, if you want a different one.
 amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
 amd_map_program="NO"		# Can be set to "ypcat -k amd.master"
 nfs_client_enable="NO"		# This host is an NFS client (or NO).
 nfs_access_cache="60"		# Client cache timeout in seconds
 nfs_server_enable="NO"		# This host is an NFS server (or NO).
 nfs_server_flags="-u -t -n 4"	# Flags to nfsd (if enabled).
 idmapd_enable="NO"		# Run the NFS4 id mapper (YES/NO).
 idmapd_flags=""			# Additional flags for idmapd.
 mountd_enable="NO"		# Run mountd (or NO).
 mountd_flags="-r"		# Flags to mountd (if NFS server enabled).
 weak_mountd_authentication="NO"	# Allow non-root mount requests to be  
 served.
 nfs_reserved_port_only="NO"	# Provide NFS only on secure port (or NO).
 nfs_bufpackets=""		# bufspace (in packets) for client
 rpc_lockd_enable="NO"		# Run NFS rpc.lockd needed for client/server.
 rpc_lockd_flags=""		# Flags to rpc.lockd (if enabled).
 rpc_statd_enable="NO"		# Run NFS rpc.statd needed for client/server.
 rpc_statd_flags=""		# Flags to rpc.statd (if enabled).
 rpcbind_enable="NO"		# Run the portmapper service (YES/NO).
 rpcbind_program="/usr/sbin/rpcbind"	# path to rpcbind, if you want a  
 different one.
 rpcbind_flags=""		# Flags to rpcbind (if enabled).
 rpc_ypupdated_enable="NO"	# Run if NIS master and SecureRPC (or NO).
 keyserv_enable="NO"		# Run the SecureRPC keyserver (or NO).
 keyserv_flags=""		# Flags to keyserv (if enabled).
 
 ### Network Time Services options: ###
 timed_enable="NO"		# Run the time daemon (or NO).
 timed_flags=""			# Flags to timed (if enabled).
 ntpdate_enable="NO"		# Run ntpdate to sync time on boot (or NO).
 ntpdate_program="/usr/sbin/ntpdate"	# path to ntpdate, if you want a  
 different one.
 ntpdate_flags="-b"		# Flags to ntpdate (if enabled).
 ntpdate_config="/etc/ntp.conf"	# ntpdate(8) configuration file
 ntpdate_hosts=""		# Whitespace-separated list of ntpdate(8) servers.
 ntpd_enable="NO"		# Run ntpd Network Time Protocol (or NO).
 ntpd_program="/usr/sbin/ntpd"	# path to ntpd, if you want a different  
 one.
 ntpd_config="/etc/ntp.conf"	# ntpd(8) configuration file
 ntpd_sync_on_start="NO"		# Sync time on ntpd startup, even if offset  
 is high
 ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
 				# Flags to ntpd (if enabled).
 
 # Network Information Services (NIS) options: All need  
 rpcbind_enable="YES" ###
 nis_client_enable="NO"		# We're an NIS client (or NO).
 nis_client_flags=""		# Flags to ypbind (if enabled).
 nis_ypset_enable="NO"		# Run ypset at boot time (or NO).
 nis_ypset_flags=""		# Flags to ypset (if enabled).
 nis_server_enable="NO"		# We're an NIS server (or NO).
 nis_server_flags=""		# Flags to ypserv (if enabled).
 nis_ypxfrd_enable="NO"		# Run rpc.ypxfrd at boot time (or NO).
 nis_ypxfrd_flags=""		# Flags to rpc.ypxfrd (if enabled).
 nis_yppasswdd_enable="NO"	# Run rpc.yppasswdd at boot time (or NO).
 nis_yppasswdd_flags=""		# Flags to rpc.yppasswdd (if enabled).
 
 ### SNMP daemon ###
 # Be sure to understand the security implications of running SNMP v1/v2
 # in your network.
 bsnmpd_enable="NO"		# Run the SNMP daemon (or NO).
 bsnmpd_flags=""			# Flags for bsnmpd.
 
 ### Network routing options: ###
 defaultrouter="NO"		# Set to default gateway (or NO).
 static_routes=""		# Set to static route list (or leave empty).
 natm_static_routes=""		# Set to static route list for NATM (or leave  
 empty).
 gateway_enable="NO"		# Set to YES if this host will be a gateway.
 router_enable="NO"		# Set to YES to enable a routing daemon.
 router="/sbin/routed"		# Name of routing daemon to use if enabled.
 router_flags="-q"		# Flags for routing daemon.
 mrouted_enable="NO"		# Do IPv4 multicast routing.
 mrouted_program="/usr/local/sbin/mrouted"	# Name of IPv4 multicast
 						# routing daemon.  You need to
 						# install it from package or
 						# port.
 mrouted_flags=""		# Flags for multicast routing daemon.
 ipxgateway_enable="NO"		# Set to YES to enable IPX routing.
 ipxrouted_enable="NO"		# Set to YES to run the IPX routing daemon.
 ipxrouted_flags=""		# Flags for IPX routing daemon.
 arpproxy_all="NO"		# replaces obsolete kernel option ARP_PROXYALL.
 forward_sourceroute="NO"	# do source routing (only if gateway_enable  
 is set to "YES")
 accept_sourceroute="NO"		# accept source routed packets to us
 
 ### ATM interface options: ###
 atm_enable="NO"			# Configure ATM interfaces (or NO).
 #atm_netif_hea0="atm 1"		# Network interfaces for physical interface.
 #atm_sigmgr_hea0="uni31"	# Signalling manager for physical interface.
 #atm_prefix_hea0="ILMI"		# NSAP prefix (UNI interfaces only) (or ILMI).
 #atm_macaddr_hea0="NO"		# Override physical MAC address (or NO).
 #atm_arpserver_atm0 
 ="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server  
 address (or local).
 #atm_scsparp_atm0="NO"		# Run SCSP/ATMARP on network interface (or NO).
 atm_pvcs=""			# Set to PVC list (or leave empty).
 atm_arps=""			# Set to permanent ARP list (or leave empty).
 
 ### ISDN interface options: (see also: /usr/share/examples/isdn) ###
 isdn_enable="NO"		# Enable the ISDN subsystem (or NO).
 isdn_fsdev="NO"			# Output device for fullscreen mode (or NO for  
 daemon mode).
 isdn_flags="-dn -d0x1f9"	# Flags for isdnd
 isdn_ttype="cons25"		# terminal type for fullscreen mode
 isdn_screenflags="NO"		# screenflags for ${isdn_fsdev}
 isdn_trace="NO"			# Enable the ISDN trace subsystem (or NO).
 isdn_traceflags="-f /var/tmp/isdntrace0"	# Flags for isdntrace
 
 ### Bluetooth ###
 hcsecd_enable="NO"		# Enable hcsecd(8) (or NO)
 hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration  
 file
 
 sdpd_enable="NO"		# Enable sdpd(8) (or NO)
 sdpd_control="/var/run/sdp"	# sdpd(8) control socket
 sdpd_groupname="nobody"		# set spdp(8) user/group to run as after
 sdpd_username="nobody"		# it initializes
 
 bthidd_enable="NO"		# Enable bthidd(8) (or NO)
 bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration  
 file
 bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file
 
 ### Miscellaneous network options: ###
 icmp_bmcastecho="NO"	# respond to broadcast ping packets
 
 ### IPv6 options: ###
 ipv6_enable="NO"		# Set to YES to set up for IPv6.
 ipv6_network_interfaces="auto"	# List of network interfaces (or "auto").
 ipv6_defaultrouter="NO"		# Set to IPv6 default gateway (or NO).
 #ipv6_defaultrouter="2002:c058:6301::"	# Use this for 6to4 (RFC 3068)
 ipv6_static_routes=""		# Set to static route list (or leave empty).
 #ipv6_static_routes="xxx"	# An example to set fec0:0000:0000:0006::/64
 				#  route toward loopback interface.
 #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
 ipv6_gateway_enable="NO"	# Set to YES if this host will be a gateway.
 ipv6_router_enable="NO"		# Set to YES to enable an IPv6 routing daemon.
 ipv6_router="/usr/sbin/route6d"	# Name of IPv6 routing daemon.
 ipv6_router_flags=""		# Flags to IPv6 routing daemon.
 #ipv6_router_flags="-l"		# Example for route6d with only IPv6 site local
 				# addrs.
 #ipv6_router_flags="-q"		# If you want to run a routing daemon on an end
 				# node, you should stop advertisement.
 #ipv6_network_interfaces="ed0 ep0"	# Examples for router
 					# or static configuration for end node.
 					# Choose correct prefix value.
 #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002"  # Examples  
 for rtr.
 #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004"  # Examples  
 for rtr.
 #ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64"	# Sample manual assign  
 entry
 #ipv6_ifconfig_ed0_alias0="fec0:0:0:5::2 prefixlen 64" # Sample alias  
 entry.
 ipv6_default_interface="NO"	# Default output interface for scoped addrs.
 				# Now this works only for IPv6 link local
 				# multicast addrs.
 rtsol_flags=""			# Flags to IPv6 router solicitation.
 rtadvd_enable="NO"		# Set to YES to enable an IPv6 router
 				# advertisement daemon. If set to YES,
 				# this router becomes a possible candidate
 				# IPv6 default router for local subnets.
 rtadvd_interfaces=""		# Interfaces rtadvd sends RA packets.
 mroute6d_enable="NO"		# Do IPv6 multicast routing.
 mroute6d_program="/usr/local/sbin/pim6dd"	# Name of IPv6 multicast
 						# routing daemon.  You need to
 						# install it from package or
 						# port.
 mroute6d_flags=""		# Flags to IPv6 multicast routing daemon.
 stf_interface_ipv4addr=""	# Local IPv4 addr for 6to4 IPv6 over IPv4
 				# tunneling interface. Specify this entry
 				# to enable 6to4 interface.
 stf_interface_ipv4plen="0"	# Prefix length for 6to4 IPv4 addr,
 				# to limit peer addr range. Effective value
 				# is 0-31.
 stf_interface_ipv6_ifid="0:0:0:1"	# IPv6 interface id for stf0.
 				# If you like, you can set "AUTO" for this.
 stf_interface_ipv6_slaid="0000"	# IPv6 Site Level Aggregator for stf0
 ipv6_faith_prefix="NO"		# Set faith prefix to enable a FAITH
 				# IPv6-to-IPv4 TCP translator.  You also need
 				# faithd(8) setup.
 ipv6_ipv4mapping="NO"		# Set to "YES" to enable IPv4 mapped IPv6 addr
 				# communication. (like ::ffff:a.b.c.d)
 ipv6_firewall_enable="NO"	# Set to YES to enable IPv6 firewall
 				# functionality
 ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set  
 up the IPv6 firewall
 ipv6_firewall_type="UNKNOWN"	# IPv6 Firewall type (see /etc/ 
 rc.firewall6)
 ipv6_firewall_quiet="NO"	# Set to YES to suppress rule display
 ipv6_firewall_logging="NO"	# Set to YES to enable events logging
 ipv6_firewall_flags=""		# Flags passed to ip6fw when type is a file
 ipv6_ipfilter_rules="/etc/ipf6.rules"	# rules definition file for  
 ipfilter,
 					# see /usr/src/contrib/ipfilter/rules
 					# for examples
 ip6addrctl_enable="YES"	# Set to YES to enable default address selection
 ip6addrctl_verbose="NO"	# Set to YES to enable verbose configuration  
 messages
 
 ##############################################################
 ###  System console options  #################################
 ##############################################################
 
 keyboard=""		# keyboard device to use (default /dev/kbd0).
 keymap="NO"		# keymap in /usr/share/syscons/keymaps/* (or NO).
 keyrate="NO"		# keyboard rate to: slow, normal, fast (or NO).
 keybell="NO" 		# See kbdcontrol(1) for options.  Use "off" to disable.
 keychange="NO"		# function keys default values (or NO).
 cursor="NO"		# cursor type {normal|blink|destructive} (or NO).
 scrnmap="NO"		# screen map in /usr/share/syscons/scrnmaps/* (or NO).
 font8x16="NO"		# font 8x16 from /usr/share/syscons/fonts/* (or NO).
 font8x14="NO"		# font 8x14 from /usr/share/syscons/fonts/* (or NO).
 font8x8="NO"		# font 8x8 from /usr/share/syscons/fonts/* (or NO).
 blanktime="300"		# blank time (in seconds) or "NO" to turn it off.
 saver="NO"		# screen saver: Uses /boot/kernel/${saver}_saver.ko
 moused_nondefault_enable="YES" # Treat non-default mice as enabled  
 unless
 			       # specifically overriden in rc.conf(5).
 moused_enable="NO"	# Run the mouse daemon.
 moused_type="auto"	# See man page for rc.conf(5) for available settings.
 moused_port="/dev/psm0"	# Set to your mouse port.
 moused_flags=""		# Any additional flags to moused.
 mousechar_start="NO"	# if 0xd0-0xd3 default range is occupied in your
 			# language code table, specify alternative range
 			# start like mousechar_start=3, see vidcontrol(1)
 allscreens_flags=""	# Set this vidcontrol mode for all virtual screens
 allscreens_kbdflags=""	# Set this kbdcontrol mode for all virtual  
 screens
 
 ##############################################################
 ###  Mail Transfer Agent (MTA) options  ######################
 ##############################################################
 
 mta_start_script="/etc/rc.sendmail"
 			# Script to start your chosen MTA, called by /etc/rc.
 # Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
 sendmail_enable="NO"	# Run the sendmail inbound daemon (YES/NO).
 sendmail_pidfile="/var/run/sendmail.pid"	# sendmail pid file
 sendmail_procname="/usr/sbin/sendmail"		# sendmail process name
 sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
 sendmail_submit_enable="YES"	# Start a localhost-only MTA for mail  
 submission
 sendmail_submit_flags="-L sm-mta -bd -q30m - 
 ODaemonPortOptions=Addr=localhost"
 				# Flags for localhost-only MTA
 sendmail_outbound_enable="YES"	# Dequeue stuck mail (YES/NO).
 sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail  
 (outbound only)
 sendmail_msp_queue_enable="YES"	# Dequeue stuck clientmqueue mail (YES/ 
 NO).
 sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
 				# Flags for sendmail_msp_queue daemon.
 sendmail_rebuild_aliases="NO"	# Run newaliases if necessary (YES/NO).
 
 
 ##############################################################
 ###  Miscellaneous administrative options  ###################
 ##############################################################
 
 auditd_enable="NO"	# Run the audit daemon.
 auditd_program="/usr/sbin/auditd"	# Path to the audit daemon.
 auditd_flags=""		# Which options to pass to the audit daemon.
 cron_enable="YES"	# Run the periodic job daemon.
 cron_program="/usr/sbin/cron"	# Which cron executable to run (if  
 enabled).
 cron_dst="YES"		# Handle DST transitions intelligently (YES/NO)
 cron_flags=""		# Which options to pass to the cron daemon.
 lpd_enable="NO"		# Run the line printer daemon.
 lpd_program="/usr/sbin/lpd"	# path to lpd, if you want a different one.
 lpd_flags=""		# Flags to lpd (if enabled).
 nscd_enable="NO"	# Run the nsswitch caching daemon.
 chkprintcap_enable="NO"	# Run chkprintcap(8) before running lpd.
 chkprintcap_flags="-d"	# Create missing directories by default.
 dumpdev="AUTO"		# Device to crashdump to (device name, AUTO, or NO).
 dumpdir="/var/crash"	# Directory where crash dumps are to be stored
 savecore_flags=""	# Used if dumpdev is enabled above, and present.
 enable_quotas="NO"	# turn on quotas on startup (or NO).
 check_quotas="YES"	# Check quotas on startup (or NO).
 quotaon_flags="-a"	# Turn quotas on for all file systems (if enabled)
 quotaoff_flags="-a"	# Turn quotas off for all file systems at shutdown
 quotacheck_flags="-a"	# Check all file system quotas (if enabled)
 accounting_enable="NO"	# Turn on process accounting (or NO).
 ibcs2_enable="NO"	# Ibcs2 (SCO) emulation loaded at startup (or NO).
 ibcs2_loaders="coff"	# List of additional Ibcs2 loaders (or NO).
 
 # Emulation/compatibility services provided by /etc/rc.d/abi
 sysvipc_enable="NO"	# Load System V IPC primitives at startup (or NO).
 linux_enable="NO"	# Linux binary compatibility loaded at startup (or  
 NO).
 svr4_enable="NO"	# SysVR4 emulation loaded at startup (or NO).
 
 clear_tmp_enable="NO"	# Clear /tmp at startup.
 clear_tmp_X="YES" 	# Clear and recreate X11-related directories in /tmp
 ldconfig_insecure="NO"	# Set to YES to disable ldconfig security checks
 ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/ 
 pkg"
 			# shared library search paths
 ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library  
 search paths
 ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
 			# a.out shared library search paths
 ldconfig_local_dirs="/usr/local/libdata/ldconfig"
 			# Local directories with ldconfig configuration files.
 ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
 			# Local directories with 32-bit compatibility ldconfig
 			# configuration files.
 kern_securelevel_enable="NO"	# kernel security level (see init(8)),
 kern_securelevel="-1"	# range: -1..3 ; `-1' is the most insecure
 			# Note that setting securelevel to 0 will result
 			# in the system booting with securelevel set to 1, as
 			# init(8) will raise the level when rc(8) completes.
 update_motd="YES"	# update version info in /etc/motd (or NO)
 entropy_file="/entropy"	# Set to NO to disable caching entropy through  
 reboots.
 			# /var/db/entropy-file is preferred if / is not avail.
 entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy  
 via cron.
 entropy_save_sz="2048"	# Size of the entropy cache files.
 entropy_save_num="8"	# Number of entropy cache files to save.
 harvest_interrupt="YES"	# Entropy device harvests interrupt randomness
 harvest_ethernet="YES"	# Entropy device harvests ethernet randomness
 harvest_p_to_p="YES"	# Entropy device harvests point-to-point randomness
 dmesg_enable="YES"	# Save dmesg(8) to /var/run/dmesg.boot
 watchdogd_enable="NO"	# Start the software watchdog daemon
 devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files  
 containing
 							    # devfs(8) rules.
 devfs_system_ruleset=""	# The name of a ruleset to apply to /dev
 devfs_set_rulesets=""	# A list of /mount/dev=ruleset_name settings to
 			# apply (must be mounted already, i.e. fstab(5))
 performance_cx_lowest="HIGH"	# Online CPU idle state
 performance_cpu_freq="NONE"	# Online CPU frequency
 economy_cx_lowest="HIGH"	# Offline CPU idle state
 economy_cpu_freq="NONE"		# Offline CPU frequency
 virecover_enable="YES"	# Perform housekeeping for the vi(1) editor
 ugidfw_enable="NO"	# Load mac_bsdextended(4) rules on boot
 bsdextended_script="/etc/rc.bsdextended"	# Default mac_bsdextended(4)
 						# ruleset file.
 newsyslog_enable="YES"	# Run newsyslog at startup.
 newsyslog_flags="-CN"	# Newsyslog flags to create marked files
 mixer_enable="YES"	# Run the sound mixer.
 
 ##############################################################
 ### Jail Configuration #######################################
 ##############################################################
 jail_enable="NO"	# Set to NO to disable starting of any jails
 jail_list=""		# Space separated list of names of jails
 jail_set_hostname_allow="YES" # Allow root user in a jail to change  
 its hostname
 jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
 jail_sysvipc_allow="NO"	# Allow SystemV IPC use from within a jail
 
 #
 # To use rc's built-in jail infrastructure create entries for
 # each jail, specified in jail_list, with the following variables.
 # NOTES:
 # - replace 'example' with the jail's name.
 # - except rootdir, hostname and ip, all of the following variables  
 may be made
 #   global jail variables if you don't specify a jail name (ie.  
 jail_interface).
 #
 #jail_example_rootdir="/usr/jail/default"	# Jail's root directory
 #jail_example_hostname="default.domain.com"	# Jail's hostname
 #jail_example_ip="192.168.0.10"			# Jail's IP number
 #jail_example_interface=""			# Interface to create the IP alias on
 #jail_example_exec_start="/bin/sh /etc/rc"		# command to execute in  
 jail for starting
 #jail_example_exec_afterstart0="/bin/sh command"	# command to execute  
 after the one for
 							# starting the jail. More than one can be
 							# specified using a trailing number
 #jail_example_exec_stop="/bin/sh /etc/rc.shutdown"	# command to  
 execute in jail for stopping
 #jail_example_devfs_enable="NO"			# mount devfs in the jail
 #jail_example_fdescfs_enable="NO"		# mount fdescfs in the jail
 #jail_example_procfs_enable="NO"		# mount procfs in jail
 #jail_example_mount_enable="NO"			# mount/umount jail's fs
 #jail_example_devfs_ruleset="ruleset_name"	# devfs ruleset to apply to  
 jail
 #jail_example_fstab=""				# fstab(5) for mount/umount
 #jail_example_flags="-l -U root"		# flags for jail(8)
 
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
 ### scripts to source rc_conf_files overrides safely.	    ##
 ##############################################################
 
 if [ -z "${source_rc_confs_defined}" ]; then
 	source_rc_confs_defined=yes
 	source_rc_confs () {
 		local i sourced_files
 		for i in ${rc_conf_files}; do
 			case ${sourced_files} in
 			*:$i:*)
 				;;
 			*)
 				sourced_files="${sourced_files}:$i:"
 				if [ -r $i ]; then
 					. $i
 				fi
 				;;
 			esac
 		done
 	}
 fi
 [root@dtmb ~]#
 
 I was going to re-build krb5, but I stepped on the high level Makefile  
 earlier in the week...
 
 [root@dtmb /usr/ports/security/krb5]# make describe
 krb5-1.6.3_3|/usr/ports/security/krb5|/usr/local|An authentication  
 system developed at MIT, successor to Kerberos IV|/usr/ports/security/krb5/pkg-descr|cy@FreeBSD.org 
 |security|/usr/ports/lang/perl5.8|/usr/ports/lang/perl5.8||/usr/ports/ 
 devel/gmake /usr/ports/devel/libtool15 /usr/ports/devel/m4 /usr/ports/ 
 lang/perl5.8 /usr/ports/print/dvipsk-tetex /usr/ports/print/texinfo||http://web.mit.edu/kerberos/
 [root@dtmb /usr/ports/security/krb5]# ls -lt
 total 18
 drwxr-xr-x  3 root  wheel   512 Mar 10 13:25 work
 -rw-r--r--  1 root  wheel  4716 Mar 10 11:30 Makefile
 drwxr-xr-x  2 root  wheel  1024 Mar  5 06:43 files
 -rw-r--r--  1 root  wheel  2281 Oct 29 18:23 pkg-plist
 -rw-r--r--  1 root  wheel   201 Oct 22 22:41 distinfo
 -rw-r--r--  1 root  wheel  1339 Apr 12  2005 pkg-descr
 
 I don't see how to refresh the port directory to get the original  
 Makefile.  Can you tell me how to do this?
 
 Thanks,
 Randy
 
 >
 > -- 
 > Cheers,
 > Cy Schubert <Cy.Schubert@komquats.com>
 > FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 >
 > 			e**(i*pi)+1=0
 >
 >
 

From: Cy Schubert <Cy.Schubert@komquats.com>
To: Randolph Reitz <rreitz@fnal.gov>
Cc: Cy Schubert <Cy.Schubert@komquats.com>,
 bug-followup <bug-followup@freebsd.org>
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Tue, 25 Mar 2008 21:23:06 -0700

 Randolph,
 
 Would you please send me a copy of your make.conf. Thanks.
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 			e**(i*pi)+1=0
 
 

From: Randolph Reitz <rreitz@fnal.gov>
To: Cy Schubert <Cy.Schubert@komquats.com>
Cc: bug-followup <bug-followup@freebsd.org>
Subject: Re: ports/121573: security/krb5 (MIT Kerberos) generates non-working
 ksu
Date: Mon, 14 Apr 2008 11:25:40 -0500

 On Mar 25, 2008, at   11:23, Cy Schubert wrote:
 > Randolph,
 >
 > Would you please send me a copy of your make.conf. Thanks.
 >
 >
 > -- 
 > Cheers,
 > Cy Schubert <Cy.Schubert@komquats.com>
 > FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 >
 > 			e**(i*pi)+1=0
 >
 >
 
 Sorry it took me so long.  Here is the make.conf.
 
 [root@dtmb /usr/ports/security/krb5]# find / -name make.conf
 find: /dev/ext2fs/: No such file or directory
 /usr/share/examples/etc/make.conf
 /usr/src/share/examples/etc/make.conf
 /usr/ports/ports-mgmt/portmk/files/make.conf
 /etc/make.conf
 [root@dtmb /usr/ports/security/krb5]# cat /etc/make.conf
 # added by use.perl 2008-03-05 14:18:24
 PERL_VER=5.8.8
 PERL_VERSION=5.8.8
 
 Randy
 
State-Changed-From-To: open->feedback 
State-Changed-By: cy 
State-Changed-When: Fri Nov 5 04:06:12 UTC 2010 
State-Changed-Why:  
Requested $KRB5_HOME. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121573 

From: Cy Schubert <Cy.Schubert@komquats.com>
To: Randy Reitz <rreitz@fnal.gov>, bug-followup <bug-followup@freebsd.org>
Cc:  
Subject: ports/121573
Date: Thu, 04 Nov 2010 21:05:48 -0700

 Can you tell me which directory KRB5 is installed in? e.g $KRB5_HOME?
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 			e**(i*pi)+1=0
 
 
State-Changed-From-To: feedback->closed 
State-Changed-By: cy 
State-Changed-When: Wed May 4 04:30:14 UTC 2011 
State-Changed-Why:  
Feedback timeout. Closed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121573 
>Unformatted:
