Bug 216242 - net/nss-pam-ldapd: update init script to prevent racing kstart
Summary: net/nss-pam-ldapd: update init script to prevent racing kstart
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ryan Steinmetz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-18 19:44 UTC by Phillip R. Jaenke
Modified: 2019-04-26 14:57 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (zi)

Attachments
patch files/nslcd.in to REQUIRE kstart (382 bytes, text/plain)
2017-01-18 19:44 UTC, Phillip R. Jaenke 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Phillip R. Jaenke 2017-01-18 19:44:13 UTC 
Created attachment 179046 [details]
patch files/nslcd.in to REQUIRE kstart

For GSSAPI environments using security/kstart to leverage a krb5 keytab (a common deployment), the nslcd init script can and does race kstart resulting in what appears to the user as nslcd failing to connect to the LDAP server. 

Attached patch corrects this by making rc.d/nslcd REQUIRE kstart.
Comment 1 Phillip R. Jaenke 2017-01-18 19:49:04 UTC 
Tested as per zi@ on IRC if REQUIRE will cause failure if kstart is absent or not enabled. rc.d/nslcd does attempt to start but fails with an exepcted configuration error (missing krb5_ccname file)
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-01-23 02:21:55 UTC 
A commit references this bug:

Author: zi
Date: Mon Jan 23 02:20:51 UTC 2017
New revision: 432185
URL: https://svnweb.freebsd.org/changeset/ports/432185

Log:
  - Update nslcd rc script to REQUIRE kstart

  PR:		216242
  Submitted by:	prj@rootwyrm.com

Changes:
  head/net/nss-pam-ldapd/Makefile
  head/net/nss-pam-ldapd/files/nslcd.in
Comment 3 John Taylor 2017-01-25 08:10:03 UTC 
MARKED AS SPAM
Comment 4 Adam Lewis 2019-04-26 14:57:00 UTC 
MARKED AS SPAM