Bug 216242
| Summary: | net/nss-pam-ldapd: update init script to prevent racing kstart | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Phillip R. Jaenke <prj> | ||||
| Component: | Individual Port(s) | Assignee: | Ryan Steinmetz <zi> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | adam.creativeasset, jameslambertt, prj | ||||
| Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(zi) |
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
Tested as per zi@ on IRC if REQUIRE will cause failure if kstart is absent or not enabled. rc.d/nslcd does attempt to start but fails with an exepcted configuration error (missing krb5_ccname file) A commit references this bug: Author: zi Date: Mon Jan 23 02:20:51 UTC 2017 New revision: 432185 URL: https://svnweb.freebsd.org/changeset/ports/432185 Log: - Update nslcd rc script to REQUIRE kstart PR: 216242 Submitted by: prj@rootwyrm.com Changes: head/net/nss-pam-ldapd/Makefile head/net/nss-pam-ldapd/files/nslcd.in MARKED AS SPAM MARKED AS SPAM |
Created attachment 179046 [details] patch files/nslcd.in to REQUIRE kstart For GSSAPI environments using security/kstart to leverage a krb5 keytab (a common deployment), the nslcd init script can and does race kstart resulting in what appears to the user as nslcd failing to connect to the LDAP server. Attached patch corrects this by making rc.d/nslcd REQUIRE kstart.