From e674769e8edb8665ddafdc23e4c34185fd4397c6 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bjk@FreeBSD.org>
Date: Wed, 16 Jul 2014 02:47:17 +0000
Subject: [PATCH] Attempt to dispel rumors that GSSAPI and Kerberos are
 interchangable.

The Generic Security Services Application Programming Interface is an
abstract interface for creating security contexts between two peers to
allow for secure passing of messages and other operations, which allows
for the use of many different underlying security mechanisms.  Kerberos
5 is a common such security mechanism, but is far from the only mechanism
in use.  Many krb5 implementations provide a GSSAPI library that provides
the krb5 mechanism(s); in some cases, those libraries can also support
user-provided GSSAPI mechanisms as well.  The only implementations of the
GSSAPI which are currently supported by the USES=gssapi support in the
Ports Collection are such libraries provided by krb5 implementations.

Approved by:	hrs (mentor)
---
 en_US.ISO8859-1/books/porters-handbook/uses.xml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/en_US.ISO8859-1/books/porters-handbook/uses.xml b/en_US.ISO8859-1/books/porters-handbook/uses.xml
index 238d7ccaa3..7cef64171f 100644
--- a/en_US.ISO8859-1/books/porters-handbook/uses.xml
+++ b/en_US.ISO8859-1/books/porters-handbook/uses.xml
@@ -275,10 +275,12 @@
     <literal>flags</literal>, <literal>bootstrap</literal></entry>
 
   <entry>
-    <para>Handle dependency on <application>Kerberos</application>
-      ports.  By default, or set to <literal>base</literal>,
-      <application>Kerberos</application> from the base system is
-      used.  Set to <literal>heimdal</literal> to use <package
+    <para>Handle dependencies needed by consumers of the
+      <acronym>GSS-API</acronym>.  Only libraries that provide the
+      <application>Kerberos</application> mechanism are available.
+      By default, or set to <literal>base</literal>,
+      the <acronym>GSS-API</acronym> library from the base system is used.
+      Can also be set to <literal>heimdal</literal> to use <package
 	role="port">security/heimdal</package>, or
       <literal>mit</literal> to use <package
 	role="port">security/krb5</package>.</para>
@@ -287,7 +289,8 @@
       installation is not in <varname>LOCALBASE</varname>, set
       <varname>HEIMDAL_HOME</varname> (for <literal>heimdal</literal>)
       or <varname>KRB5_HOME</varname> (for <literal>krb5</literal>) to
-      the base <application>Kerberos</application> directory.</para>
+      the location of the <application>Kerberos</application>
+      installation.</para>
 
     <para>These variables are exported for the ports to use:</para>
 
@@ -301,7 +304,7 @@
       <listitem><para><varname>GSSAPI_CONFIGURE_ARGS</varname></para></listitem>
     </itemizedlist>
 
-    <para>The <literal>flags</literal> option can be set with
+    <para>The <literal>flags</literal> option can be given alongside
       <literal>base</literal>, <literal>heimdal</literal>, or
       <literal>mit</literal> to automatically add
       <varname>GSSAPICPPFLAGS</varname>,
@@ -312,7 +315,7 @@
       <literal>base,flags</literal>.</para>
 
     <para>The <literal>bootstrap</literal> option is a special prefix
-      only for use with <package role="port">security/krb5</package>
+      only for use by <package role="port">security/krb5</package>
       and <package role="port">security/heimdal</package>.  For
       example, use <literal>bootstrap,mit</literal>.</para>