Created attachment 169828 [details]
unified diff for net/nss_ldap/Makefile
At the moment it's impossible to set WITHOUT_KERBEROS=YES in /etc/src.conf while having Kerberos option activated for net/nss_ldap.
The attached unified diff for net/nss_ldap/Makefile adds options to select a Kerberos implementation as dependency during configuration of the port.
SYSTEMKRB -> use Heimdal Kerberos implementation shipped with the base system
MIT -> use MIT Kerberos implementation from ports (security/krb5)
HEIMDAL -> use Heimdal Kerberos implementation from ports (security/heimdal)
Created attachment 180439 [details]
new patch with minor additions
I added minor changes to the patch for the configure.in file. Also, LDFLAGS were added dependend on the selected Kerberos implementation.
gecko@ doesn't maintain any nsswitch.conf(5) modules. Only bug 165263 was related. Kerberos support in www/firefox relies on gssapi(3) (not security/nss) but the state on FreeBSD is unknown to me.
(In reply to Jan Beich from comment #2)
I'm not really sure how this relates to thunderbird problems in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165263.
Nevertheless, will this be addressed in the near future? I am using the configuration option to have a functional net/nss_ldap in my personal package repository for a while now.
Considering the following - and maybe the usecase is a little special by itself - the patch is useful in automated build environments:
Stripped down and modified base (i.e. WITHOUT_KERBEROS) -> used as reference for build jails in poudriere -> net/nss_ldap fails because Kerberos implementation that might have to be pulled in as a dependency from ports cannot be selected
In addition, whenever a Kerberos implementation from Ports is intended to be used, nss_ldap will fail during runtime because in its original state it will depend on system krb and krb.conf.