|Summary:||net/nss-pam-ldapd: krb5_ccname option in nslcd.conf has no effect|
|Product:||Ports & Packages||Reporter:||Cullum Smith <cullum>|
|Component:||Individual Port(s)||Assignee:||Ryan Steinmetz <zi>|
|Severity:||Affects Some People||CC:||cullum|
Description Cullum Smith 2018-01-18 20:18:29 UTC
Created attachment 189892 [details] patch to allow linking against different kerberos implementations The krb5_ccname option in nslcd.conf for kerberos authentication has no effect. This port always links against the base kerberos (heimdal). In addition to the upstream documentation saying that only MIT kerberos is tested (https://arthurdejong.org/nss-pam-ldapd/HACKING), when linking against heimdal, the krb5_ccname option appears to have no effect. According to the debug logs, /tmp/krb5cc_928 is always used as the ticket cache. Exporting the KRB5CCNAME environment variable also did not work. This issue was resolved when I linked against MIT's kerberos. I've attached a diff of the port's Makefile to allow choosing which Kerberos implementation to link against. I have only tested this with MIT kerberos.