Revert "openssh: Build with Kerberos by default"

This reverts commit a232dd66ee.

Moving to staging

pkgs/tools/networking/openssh/default.nix

@@ -1,12 +1,15 @@
 { stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam, autoreconfHook
 , etcDir ? null
 , hpnSupport ? false
-, withKerberos ? true
+, withKerberos ? false
 , withGssapiPatches ? false
 , kerberos
 , linkOpenssl? true
 }:
 
+assert withKerberos -> kerberos != null;
+assert withGssapiPatches -> withKerberos;
+
 let
 
   # **please** update this patch when you update to a new openssh release.
@@ -20,6 +23,8 @@ let
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
+  # Please ensure that openssh_with_kerberos still builds when
+  # bumping the version here!
   name = "openssh-${version}";
   version = if hpnSupport then "7.5p1" else "7.6p1";
 
@@ -42,7 +47,7 @@ stdenv.mkDerivation rec {
       # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
       ./dont_create_privsep_path.patch
     ]
-    ++ optional withGssapiPatches (assert withKerberos; gssapiPatch);
+    ++ optional withGssapiPatches gssapiPatch;
 
   postPatch =
     # On Hydra this makes installation fail (sometimes?),
@@ -54,8 +59,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ zlib openssl libedit pam ]
     ++ optional withKerberos kerberos
-    ++ optional hpnSupport autoreconfHook
-    ;
+    ++ optional hpnSupport autoreconfHook;
 
   preConfigure = ''
     # Setting LD causes `configure' and `make' to disagree about which linker
@@ -74,7 +78,7 @@ stdenv.mkDerivation rec {
     "--disable-strip"
     (if pam != null then "--with-pam" else "--without-pam")
   ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
-    ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}")
+    ++ optional withKerberos "--with-kerberos5=${kerberos}"
     ++ optional stdenv.isDarwin "--disable-libutil"
     ++ optional (!linkOpenssl) "--without-openssl";