Bug 225305

Summary: net/nss-pam-ldapd: krb5_ccname option in nslcd.conf has no effect
Product: Ports & Packages
Reporter: cullum
Component: Individual Port(s)
Assignee: Ryan Steinmetz <zi>
Status: New ---
Severity: Affects Some People
CC: cullum
Priority: ---
Flags: bugzilla: maintainer-feedback? (zi)
Version: Latest
Hardware: Any
OS: Any

Attachments:
patch to allow linking against different kerberos implementations (flags: none)

Description cullum 2018-01-18 20:18:29 UTC
Created attachment 189892
patch to allow linking against different kerberos implementations

The krb5_ccname option in nslcd.conf for Kerberos authentication has no effect.

This port always links against the base Kerberos (Heimdal). In addition to the upstream documentation saying that only MIT Kerberos is tested (https://arthurdejong.org/nss-pam-ldapd/HACKING), when linking against Heimdal, the krb5_ccname option appears to have no effect. According to the debug logs, /tmp/krb5cc_928 is always used as the ticket cache. Exporting the KRB5CCNAME environment variable also did not work.

This issue was resolved when I linked against MIT's Kerberos. I've attached a diff of the port's Makefile to allow choosing which Kerberos implementation to link against. I have only tested this with MIT Kerberos.
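
One way to confirm which Kerberos implementation a built nslcd links against, as an added example that is not part of the original report or the port. The function name `krb5_flavor`, the library-name heuristic, the nslcd path and the sample `ldd` output are all assumptions or constructed values.

```shell
#!/bin/sh
# Added example: classify the Kerberos implementation seen in `ldd` output (stdin).
# Assumption: libk5crypto/libkrb5support are shipped only by MIT Kerberos, while
# libhcrypto/libroken/libheimbase are shipped only by Heimdal.
krb5_flavor() {
    awk '
        /libk5crypto\.so|libkrb5support\.so/          { mit = 1 }
        /libhcrypto\.so|libroken\.so|libheimbase\.so/ { heimdal = 1 }
        /libkrb5\.so|libgssapi/                       { krb = 1 }
        END {
            if (mit && heimdal) print "mixed"     # two implementations in one process
            else if (mit)       print "mit"
            else if (heimdal)   print "heimdal"
            else if (krb)       print "unknown"   # Kerberos libs, flavor not identifiable
            else                print "none"      # not linked against Kerberos at all
        }'
}

# Constructed ldd output (library versions and load addresses are made up).
SAMPLE_BASE='/usr/local/sbin/nslcd:
	libldap.so.2 => /usr/local/lib/libldap.so.2 (0x800a00000)
	libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800c00000)
	libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x800e00000)
	libroken.so.11 => /usr/lib/libroken.so.11 (0x801000000)
	libhcrypto.so.11 => /usr/lib/libhcrypto.so.11 (0x801200000)
	libc.so.7 => /lib/libc.so.7 (0x801400000)'

SAMPLE_PORT='/usr/local/sbin/nslcd:
	libldap.so.2 => /usr/local/lib/libldap.so.2 (0x800a00000)
	libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2 (0x800c00000)
	libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x800e00000)
	libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x801000000)
	libkrb5support.so.0 => /usr/local/lib/libkrb5support.so.0 (0x801200000)
	libc.so.7 => /lib/libc.so.7 (0x801400000)'

# On a live host (path assumed): ldd /usr/local/sbin/nslcd | krb5_flavor
for sample in "$SAMPLE_BASE" "$SAMPLE_PORT"; do
    printf '%s\n' "$sample" | krb5_flavor
done
```

A result of `mixed` is worth investigating on its own, since it means a dependency pulled in a different Kerberos library than the one nslcd itself was linked against.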