Bug 209165

Summary: net/nss_ldap allow selection of Kerberos implementation to link against while configuring port options
Product: Ports & Packages Reporter: marc.priggemeyer
Component: Individual Port(s)Assignee: Dag-Erling Smørgrav <des>
Status: New ---    
Severity: Affects Only Me CC: w.schwarzenfeld
Priority: --- Flags: bugzilla: maintainer-feedback? (des)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
unified diff for net/nss_ldap/Makefile
none
new patch with minor additions none

Description marc.priggemeyer 2016-04-30 12:26:49 UTC
Created attachment 169828 [details]
unified diff for net/nss_ldap/Makefile

At the moment it's impossible to set WITHOUT_KERBEROS=YES in /etc/src.conf while having Kerberos option activated for net/nss_ldap.

The attached unified diff for net/nss_ldap/Makefile adds options to select a Kerberos implementation as dependency during configuration of the port.

Options are:
SYSTEMKRB -> use Heimdal Kerberos implementation shipped with the base system
MIT -> use MIT Kerberos implementation from ports (security/krb5)
HEIMDAL -> use Heimdal Kerberos implementation from ports (security/heimdal)
Comment 1 marc.priggemeyer 2017-03-02 14:58:58 UTC
Created attachment 180439 [details]
new patch with minor additions

I added minor changes to the patch for the configure.in file. Also, LDFLAGS were added dependend on the selected Kerberos implementation.
Comment 2 Jan Beich freebsd_committer 2018-02-10 16:21:37 UTC
gecko@ doesn't maintain any nsswitch.conf(5) modules. Only bug 165263 was related. Kerberos support in www/firefox relies on gssapi(3) (not security/nss) but the state on FreeBSD is unknown to me.
Comment 3 marc.priggemeyer 2018-02-12 20:23:18 UTC
(In reply to Jan Beich from comment #2)
I'm not really sure how this relates to thunderbird problems in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165263.

Nevertheless, will this be addressed in the near future? I am using the configuration option to have a functional net/nss_ldap in my personal package repository for a while now.
Considering the following - and maybe the usecase is a little special by itself - the patch is useful in automated build environments:
Stripped down and modified base (i.e. WITHOUT_KERBEROS) -> used as reference for build jails in poudriere -> net/nss_ldap fails because Kerberos implementation that might have to be pulled in as a dependency from ports cannot be selected

In addition, whenever a Kerberos implementation from Ports is intended to be used, nss_ldap will fail during runtime because in its original state it will depend on system krb and krb.conf.