Bug 209165 - net/nss_ldap allow selection of Kerberos implementation to link against while configuring port options
Summary: net/nss_ldap allow selection of Kerberos implementation to link against while...
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dag-Erling Smørgrav
Depends on:
Reported: 2016-04-30 12:26 UTC by marc.priggemeyer
Modified: 2018-02-12 20:23 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (des)

unified diff for net/nss_ldap/Makefile (1.49 KB, patch)
2016-04-30 12:26 UTC, marc.priggemeyer
no flags Details | Diff
new patch with minor additions (2.22 KB, patch)
2017-03-02 14:58 UTC, marc.priggemeyer
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description marc.priggemeyer 2016-04-30 12:26:49 UTC
Created attachment 169828 [details]
unified diff for net/nss_ldap/Makefile

At the moment it's impossible to set WITHOUT_KERBEROS=YES in /etc/src.conf while having Kerberos option activated for net/nss_ldap.

The attached unified diff for net/nss_ldap/Makefile adds options to select a Kerberos implementation as dependency during configuration of the port.

Options are:
SYSTEMKRB -> use Heimdal Kerberos implementation shipped with the base system
MIT -> use MIT Kerberos implementation from ports (security/krb5)
HEIMDAL -> use Heimdal Kerberos implementation from ports (security/heimdal)
Comment 1 marc.priggemeyer 2017-03-02 14:58:58 UTC
Created attachment 180439 [details]
new patch with minor additions

I added minor changes to the patch for the configure.in file. Also, LDFLAGS were added dependend on the selected Kerberos implementation.
Comment 2 Jan Beich freebsd_committer 2018-02-10 16:21:37 UTC
gecko@ doesn't maintain any nsswitch.conf(5) modules. Only bug 165263 was related. Kerberos support in www/firefox relies on gssapi(3) (not security/nss) but the state on FreeBSD is unknown to me.
Comment 3 marc.priggemeyer 2018-02-12 20:23:18 UTC
(In reply to Jan Beich from comment #2)
I'm not really sure how this relates to thunderbird problems in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165263.

Nevertheless, will this be addressed in the near future? I am using the configuration option to have a functional net/nss_ldap in my personal package repository for a while now.
Considering the following - and maybe the usecase is a little special by itself - the patch is useful in automated build environments:
Stripped down and modified base (i.e. WITHOUT_KERBEROS) -> used as reference for build jails in poudriere -> net/nss_ldap fails because Kerberos implementation that might have to be pulled in as a dependency from ports cannot be selected

In addition, whenever a Kerberos implementation from Ports is intended to be used, nss_ldap will fail during runtime because in its original state it will depend on system krb and krb.conf.