Bug 225305 - net/nss-pam-ldapd: krb5_ccname option in nslcd.conf has no effect
Summary: net/nss-pam-ldapd: krb5_ccname option in nslcd.conf has no effect
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Ryan Steinmetz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-18 20:18 UTC by cullum
Modified: 2018-01-18 20:28 UTC

See Also:
bugzilla: maintainer-feedback? (zi)


Attachments
patch to allow linking against different kerberos implementations (1.28 KB, patch)
2018-01-18 20:18 UTC, cullum

Description cullum 2018-01-18 20:18:29 UTC
Created attachment 189892
patch to allow linking against different kerberos implementations

The krb5_ccname option in nslcd.conf for Kerberos authentication has no effect.

This port always links against the base Kerberos (Heimdal). In addition to the upstream documentation saying that only MIT Kerberos is tested (https://arthurdejong.org/nss-pam-ldapd/HACKING), when linking against Heimdal, the krb5_ccname option appears to have no effect. According to the debug logs, /tmp/krb5cc_928 is always used as the ticket cache. Exporting the KRB5CCNAME environment variable also did not work.

This issue was resolved when I linked against MIT's Kerberos. I've attached a diff of the port's Makefile to allow choosing which Kerberos implementation to link against. I have only tested this with MIT Kerberos.