From 2c089337e7a4260cec5b83f98754e5dc8445a0f4 Mon Sep 17 00:00:00 2001
From: Christophe Raffalli <raffalli@univ-savoie.fr>
Date: Sat, 15 Jun 2013 06:40:01 +0000
Subject: [PATCH] OpenSSH: add Kerberos support

---
 pkgs/tools/networking/openssh/default.nix |  9 ++++++++-
 pkgs/top-level/all-packages.nix           | 13 ++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 4296ba57f881..6d3120e7b996 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -1,8 +1,12 @@
 { stdenv, fetchurl, zlib, openssl, perl, libedit, pkgconfig, pam
 , etcDir ? null
 , hpnSupport ? false
+, withKerberos ? false
+, kerberos
 }:
 
+assert withKerberos -> kerberos != null;
+
 let
 
   hpnSrc = fetchurl {
@@ -28,7 +32,9 @@ stdenv.mkDerivation rec {
 
   patches = [ ./locale_archive.patch ];
 
-  buildInputs = [ zlib openssl libedit pkgconfig pam ];
+  buildInputs = [ zlib openssl libedit pkgconfig pam ] ++
+    (if withKerberos then [ kerberos ] else [])
+  ;
 
   # I set --disable-strip because later we strip anyway. And it fails to strip
   # properly when cross building.
@@ -39,6 +45,7 @@ stdenv.mkDerivation rec {
       --disable-strip
       ${if pam != null then "--with-pam" else "--without-pam"}
       ${if etcDir != null then "--sysconfdir=${etcDir}" else ""}
+      ${if withKerberos  then "--with-kerberos5=${kerberos}" else ""}
     '';
 
   preConfigure =
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 319089ae223d..1555d505b1a3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1420,11 +1420,14 @@ let
 
   opensc_dnie_wrapper = callPackage ../tools/security/opensc-dnie-wrapper { };
 
-  openssh = callPackage ../tools/networking/openssh {
-    hpnSupport = false;
-    etcDir = "/etc/ssh";
-    pam = if stdenv.isLinux then pam else null;
-  };
+  openssh =
+    callPackage ../tools/networking/openssh {
+      hpnSupport = false;
+      withKerberos = false;
+      etcDir = "/etc/ssh";
+      pam = if stdenv.isLinux then pam else null;
+    };
+  openssh_with_kerberos = lowPrio (pkgs.appendToName "with-kerberos" (openssh.override { withKerberos = true; }));
 
   opensp = callPackage ../tools/text/sgml/opensp { };