|Summary:||net/nss_ldap allow selection of Kerberos implementation to link against while configuring port options|
|Product:||Ports & Packages||Reporter:||marc.priggemeyer|
|Component:||Individual Port(s)||Assignee:||Dag-Erling Smørgrav <des>|
|Severity:||Affects Only Me||CC:||w.schwarzenfeld|
Description marc.priggemeyer 2016-04-30 12:26:49 UTC
Created attachment 169828 [details] unified diff for net/nss_ldap/Makefile At the moment it's impossible to set WITHOUT_KERBEROS=YES in /etc/src.conf while having Kerberos option activated for net/nss_ldap. The attached unified diff for net/nss_ldap/Makefile adds options to select a Kerberos implementation as dependency during configuration of the port. Options are: SYSTEMKRB -> use Heimdal Kerberos implementation shipped with the base system MIT -> use MIT Kerberos implementation from ports (security/krb5) HEIMDAL -> use Heimdal Kerberos implementation from ports (security/heimdal)
Comment 1 marc.priggemeyer 2017-03-02 14:58:58 UTC
Created attachment 180439 [details] new patch with minor additions I added minor changes to the patch for the configure.in file. Also, LDFLAGS were added dependend on the selected Kerberos implementation.
Comment 2 Jan Beich 2018-02-10 16:21:37 UTC
gecko@ doesn't maintain any nsswitch.conf(5) modules. Only bug 165263 was related. Kerberos support in www/firefox relies on gssapi(3) (not security/nss) but the state on FreeBSD is unknown to me.
Comment 3 marc.priggemeyer 2018-02-12 20:23:18 UTC
(In reply to Jan Beich from comment #2) I'm not really sure how this relates to thunderbird problems in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165263. Nevertheless, will this be addressed in the near future? I am using the configuration option to have a functional net/nss_ldap in my personal package repository for a while now. Considering the following - and maybe the usecase is a little special by itself - the patch is useful in automated build environments: Stripped down and modified base (i.e. WITHOUT_KERBEROS) -> used as reference for build jails in poudriere -> net/nss_ldap fails because Kerberos implementation that might have to be pulled in as a dependency from ports cannot be selected In addition, whenever a Kerberos implementation from Ports is intended to be used, nss_ldap will fail during runtime because in its original state it will depend on system krb and krb.conf.