pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/41634: Kerberos for openldap doesn't install kerberos support

>Number:         41634
>Category:       pkg
>Synopsis:       Kerberos for openldap doesn't install kerberos support
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 25 00:00:00 +0000 2009
>Originator:     Lloyd Parkes
>Release:        5.0
Must Have Coffee
NetBSD 5.0 NetBSD 5.0 (GENERIC) #0: Sat May  
2 23:18:37 NZST 2009
When you build and install databases/openldap-server, with the "kerberos" 
package option, the resulting system doesn't actually use Kerberos. The 
Kerberos option merely switches on the "sasl" option, which in turn creates a 
dependency on security/cyrus-sasl and adds the correct configure flag. None of 
these bits supply Kerberos authentication. cyrus-sasl is only a framework, and 
doesn't supply an authentication mechanism. 
Build and install openldap and then wonder why you aren't offered 
GSSAPI/Kerberos authentication.
Add security/cy2-gssapi as a runtime dependency for the openldap packages if 
the kerberos option is set. I know that this isn't a normal runtime dependency 
in that the program will run without cy2-gssapi, but if the sysadmin builds 
with the kerberos option set, then that have made a clear statement that they 
expect the resulting package to use Kerberos.

If the sysadmin doesn't want to install cy2-gssapi when they install 
openldap-server, then they should build with the sasl option and not the 
kerberos option.

Home | Main Index | Thread Index | Old Index