Once upon a time we had both "crypto" and "krb5" distributions,

and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution.  (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.

release/Makefile

@@ -228,8 +228,7 @@ ZIPNSPLIT=		gzip --no-name -9 -c | split -b 1423k -
 
 # Things that need to be compiled without crypto support in releases
 .if !defined(FIXCRYPTO) && !make(release) && !make(rerelease)
-FIXCRYPTO!=	cd ${.CURDIR}/../kerberos5; ${MAKE} -V KPROGS; \
-		cd ${.CURDIR}/../secure; ${MAKE} -V SPROGS
+FIXCRYPTO!=	cd ${.CURDIR}/../secure; ${MAKE} -V SPROGS
 .endif
 
 # Things which may get you into trouble if you change them

secure/Makefile

@@ -5,6 +5,7 @@ SUBDIR= lib libexec usr.bin usr.sbin
 # These are programs which depend on crypto, but not Kerberos.
 SPROGS=	bin/ed usr.sbin/ppp usr.sbin/pppd usr.sbin/tcpdump/tcpdump \
 	lib/libfetch usr.bin/fetch usr.sbin/pkg_install \
+	lib/libpam \
 	lib/libtelnet libexec/telnetd usr.bin/telnet
 .if !defined(NO_SENDMAIL)
 SPROGS+=usr.sbin/sendmail