Re: pkg/41634: Kerberos for openldap doesn't install kerberos support
The following reply was made to PR pkg/41634; it has been noted by GNATS.
From: Geert Hendrickx <ghen%telenet.be@localhost>
Subject: Re: pkg/41634: Kerberos for openldap doesn't install kerberos
Date: Thu, 25 Jun 2009 13:20:53 +0200
On Thu, Jun 25, 2009 at 12:00:01AM +0000,
> When you build and install databases/openldap-server, with the "kerberos"
> package option, the resulting system doesn't actually use Kerberos. The
> Kerberos option merely switches on the "sasl" option, which in turn creates
> a dependency on security/cyrus-sasl and adds the correct configure flag.
> None of these bits supply Kerberos authentication. cyrus-sasl is only a
> framework, and doesn't supply an authentication mechanism.
> Build and install openldap and then wonder why you aren't offered GSSAPI/
> Kerberos authentication.
> Add security/cy2-gssapi as a runtime dependency for the openldap packages if
> the kerberos option is set. I know that this isn't a normal runtime
> dependency in that the program will run without cy2-gssapi, but if the
> sysadmin builds with the kerberos option set, then they have made a clear
> statement that they expect the resulting package to use Kerberos.
> If the sysadmin doesn't want to install cy2-gssapi when they install
> openldap-server, then they should build with the sasl option and not the
> kerberos option.
IMO the proper solution is to just drop the "kerberos" option. It's not
clean to put SASL auth methods in SASL-supporting packages as options
directly; they have no business with it.
Geert Hendrickx -=- ghen%telenet.be@localhost -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!