Bug 225305

Summary: net/nss-pam-ldapd: krb5_ccname option in nslcd.conf has no effect
Product: Ports & Packages Reporter: Cullum Smith <cullum>
Component: Individual Port(s)Assignee: Ryan Steinmetz <zi>
Status: New ---    
Severity: Affects Some People CC: cullum
Priority: --- Flags: bugzilla: maintainer-feedback? (zi)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch to allow linking against different kerberos implementations none

Description Cullum Smith 2018-01-18 20:18:29 UTC
Created attachment 189892 [details]
patch to allow linking against different kerberos implementations

The krb5_ccname option in nslcd.conf for kerberos authentication has no effect.

This port always links against the base kerberos (heimdal). In addition to the upstream documentation saying that only MIT kerberos is tested (https://arthurdejong.org/nss-pam-ldapd/HACKING), when linking against heimdal, the krb5_ccname option appears to have no effect. According to the debug logs, /tmp/krb5cc_928 is always used as the ticket cache. Exporting the KRB5CCNAME environment variable also did not work.

This issue was resolved when I linked against MIT's kerberos. I've attached a diff of the port's Makefile to allow choosing which Kerberos implementation to link against. I have only tested this with MIT kerberos.