On 12.0-RELEASE-p3, using kstart-4.2_2 with nss-pam-ldapd-sasl-0.9.10_1, both installed as packages, the fix from bug #235757 doesn't work for me: the Kerberos credential cache written by kstart, /tmp/krb5cc_928, is removed from /tmp before nslcd can use it. rcorder(8) causes both kstart and nslcd to start before cleartmp: root@host:~ # rcorder /etc/rc.d/* /usr/local/etc/rc.d/* | grep -E 'DAEMON|LOGIN|cleartmp|kstart|nslcd' rcorder: Circular dependency on provision `DAEMON' in file `/usr/local/etc/rc.d/kstart'. rcorder: requirement `slapd' in file `/usr/local/etc/rc.d/nslcd' has no providers. /usr/local/etc/rc.d/kstart /usr/local/etc/rc.d/nslcd /etc/rc.d/cleartmp /etc/rc.d/DAEMON /etc/rc.d/LOGIN The circular dependency in the error message seems to involve /etc/rc.d/LOGIN. The kstart script says it requires DAEMON but must run before LOGIN: root@host:~ # head -9 /usr/local/etc/rc.d/kstart #!/bin/sh # $FreeBSD: head/security/kstart/files/kstart.in 496119 2019-03-18 02:28:10Z zi $ # PROVIDE: kstart # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # Add the following lines to /etc/rc.conf to enable kstart: The LOGIN script, however, requires DAEMON, so LOGIN can't run before DAEMON: root@host:~ # head -9 /etc/rc.d/LOGIN #!/bin/sh # # $FreeBSD: releng/12.0/libexec/rc/rc.d/LOGIN 278706 2015-02-13 20:52:23Z ngie $ # # PROVIDE: LOGIN # REQUIRE: DAEMON # This is a dummy dependency to ensure user services such as xdm, I worked around the problem by changing REQUIRE: DAEMON to REQUIRE: cleartmp in /usr/local/etc/rc.d/kstart, after which the rcorder output was as expected: root@host:/etc/rc.d # rcorder /etc/rc.d/* /usr/local/etc/rc.d/* | grep -E 'DAEMON|LOGIN|cleartmp|kstart|nslcd' rcorder: requirement `slapd' in file `/usr/local/etc/rc.d/nslcd' has no providers. /etc/rc.d/cleartmp /usr/local/etc/rc.d/kstart /usr/local/etc/rc.d/nslcd /etc/rc.d/DAEMON /etc/rc.d/LOGIN