FreeBSD The Power to Serve

MIT Kerberos Import into FreeBSD

Contact: Cy Schubert <cy@FreeBSD.org>

The FreeBSD Foundation was approached to import MIT KRB5 into FreeBSD with the intent to replace our aging Heimdal.

The Enterprise Working Group made a request to the Foundation to replace Heimdal with MIT KRB5.

This is the first report for this project.

Tasks completed:

  • MIT KRB5 has been imported into FreeBSD 15-CURRENT.

  • The WITH_MITKRB5 option is disabled until a successful ports exp-run is complete.

Additional remaining tasks:

  • Fix port build errors identified by a ports exp-run.

  • Produce a writeup of the new Kerberos.

  • Determine if migration of the Heimdal database to an MIT database is possible. (At the moment this appears unlikely due to the age of our ancient Heimdal and the lack of support for old crypto in newer Heimdal MIT).

  • Produce Heimdal Kerberos database to MIT database migration documentation (if possible).

  • (Optional) Develop and discuss the import and migration options at the next BSDCan.

Sponsor: The FreeBSD Foundation

Last modified on: July 29, 2025 by Maxim Konovalov