From nobody Thu Mar 21 07:59:44 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V0dD62lNBz5FSsv for ; Thu, 21 Mar 2024 08:00:06 +0000 (UTC) (envelope-from freebsd@gushi.org) Received: from prime.gushi.org (prime.gushi.org [IPv6:2620:137:6000:10::142]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "prime.gushi.org", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V0dD55Z3Wz4nRG for ; Thu, 21 Mar 2024 08:00:05 +0000 (UTC) (envelope-from freebsd@gushi.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gushi.org header.s=prime2014 header.b="uS/9wbup"; dmarc=pass (policy=none) header.from=gushi.org; spf=pass (mx1.freebsd.org: domain of freebsd@gushi.org designates 2620:137:6000:10::142 as permitted sender) smtp.mailfrom=freebsd@gushi.org Received: from smtpclient.apple (vpn-aw.f.root-servers.org [149.20.11.9]) (authenticated bits=0) by prime.gushi.org (8.17.2/8.17.2) with ESMTPSA id 42L801eC089081 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 21 Mar 2024 08:00:04 GMT (envelope-from freebsd@gushi.org) DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 42L801eC089081 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gushi.org; s=prime2014; t=1711008004; bh=F7HaIswCQM/oszamtGdXgtxjT/6xITz/PhfQftcKUSc=; h=From:Subject:Date:To; z=From:=20"Dan=20Mahoney=20(Ports)"=20|Subject:= 20ksu=20has=20no=20man=20page?|Date:=20Thu,=2021=20Mar=202024=2000 :59:44=20-0700|To:=20questions=20; b=uS/9wbupN33HnEjj4FfWhSYEjTblJ76EwLSNU1+x1vkH0psJcD8RYiDF9Fn5GK4ap osjV+f373O95if4F5QFko02Yvcl/6hUpnU7BqqhTlG1ECD8QvhC96au15VoEL45Zs+ 5ToWqWGMz9qnmXLMymO/DjFcfn6EwLtA4NUxTE9O/HLEPXO775u6H19ilazrWTIwjZ YOZ3uuHuQHiO09zEh0gFXFOooGWsxPSpG5AoJVOXPygzpzw2nUl4h8VauOKBlJ7SXr cXF5gbg9LAZ3tkNSLTbnnHUDJpT3wQqbZMltj5v58ufUuGPvocAJ+DuF4VyB+eSOau 1PLFHIERDCS6A== X-Authentication-Warning: prime.gushi.org: Host vpn-aw.f.root-servers.org [149.20.11.9] claimed to be smtpclient.apple From: "Dan Mahoney (Ports)" Content-Type: multipart/alternative; boundary="Apple-Mail=_5D860E45-8DEA-4D32-B7BD-45A9CE8B069F" List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\)) Subject: ksu has no man page? Message-Id: Date: Thu, 21 Mar 2024 00:59:44 -0700 To: questions X-Mailer: Apple Mail (2.3774.400.31) X-Spamd-Bar: ----- X-Spamd-Result: default: False [-5.60 / 15.00]; DWL_DNSWL_MED(-2.00)[gushi.org:dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; DMARC_POLICY_ALLOW(-0.50)[gushi.org,none]; R_SPF_ALLOW(-0.20)[+mx]; R_DKIM_ALLOW(-0.20)[gushi.org:s=prime2014]; RCVD_IN_DNSWL_MED(-0.20)[2620:137:6000:10::142:from]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; ONCE_RECEIVED(0.10)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_DN_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:393507, ipnet:2620:137:6000::/44, country:US]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[gushi.org:+]; MLMMJ_DEST(0.00)[questions@freebsd.org]; APPLE_MAILER_COMMON(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_XAW(0.00)[] X-Rspamd-Queue-Id: 4V0dD55Z3Wz4nRG --Apple-Mail=_5D860E45-8DEA-4D32-B7BD-45A9CE8B069F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii So this is weird. Dayjob is a FreeBSD and kerberos shop, and we use the = built in heimdal kerberos in base. I had an expired root password, and ksu decided to try to force a = password change on me. (It then failed, because ipfw didn't have the = privs to contact the kdc on the kpasswd port -- we only allow that from = our shell servers, where people should be changing passwords). Anyway...the man page *does* exist in = /usr/src/crypto/heimdal/appl/su/su.1, but that weird behavior is not = mentioned. And apparently su has been removed from current kerberos cuts https://github.com/heimdal/heimdal/blob/master/appl/Makefile.am lists = "remove appl/su" in their changelog six years ago. So, um.... Why is FreeBSD not shipping the existing manpage as /man1/ksu.1? That = would at least be something. (Yes, I know from conversations with cy@ that apparently there's some = coming change to using MIT, which makes this a moot point. I'm just = trying to read the tea leaves here). -Dan= --Apple-Mail=_5D860E45-8DEA-4D32-B7BD-45A9CE8B069F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii So this is = weird.  Dayjob is a FreeBSD and kerberos shop, and we use the =  built in heimdal kerberos in base.

I had an expired root password, and ksu decided to = try to force a password change on me.  (It then failed, = because ipfw didn't have the privs to contact the = kdc on the kpasswd port -- we only allow that from our = shell servers, where people should be changing = passwords).

Anyway...the man page *does* exist in /usr/src/crypto/heimdal/appl/su/su.1, but that weird behavior is = not mentioned.

And = apparently su has been removed from current kerberos cuts

h= ttps://github.com/heimdal/heimdal/blob/master/appl/Makefile.am lists "remove appl/su" in their changelog six years = ago.

So, = um....

Why is FreeBSD = not shipping the existing manpage as /man1/ksu.1? =  That would at least be something.

(Yes, I know = from conversations with cy@ that apparently there's some coming change = to using MIT, which makes this a moot point.  I'm just trying = to read the tea leaves here).

-Dan= --Apple-Mail=_5D860E45-8DEA-4D32-B7BD-45A9CE8B069F--