kadmin (heimdal port) ignores the ldap backend
fandino
fandino at ng.fadesa.es
Thu Jun 2 04:05:12 PDT 2005
Boris Samorodov wrote:
>>>Do you build FreeBSD with Kerberos support? There may be system
>
>>Yes, it was builded with Kerberos(0.6.3) and the heimdal port
>
> Aha, thus you install system libraries to /usr/lib etc...
>
>>(0.6.3) was also installed in order to get ldap support for heimdal
>
> ...and those libraries from the port install to /usr/local/lib...
correct.
>>kerberos without getting messed with the system kerberos.
>
> ...and finally get it messed.
sometimes the longest way is _really_ the hardest way ;-)
>>>libraries located earlier in LDD_PATH which kadmin uses. Try ktrace
>>>and kdump to see which libraries are used at run-time.
>
>>you have found something interesting, this strace[1] shows us
>>that /usr/local/sbin/kadmin (the port kadmin binary) is using
>>"/usr/local/lib/libkadm5clnt.so.6" and "/usr/lib/libkadm5srv.so.7"
>>could libkadm5srv be the culprit (now I haven't access to this box)?
>
> I think this is the point.
>
>>how I can force /usr/local/sbin/kadmin to use the port library
>>and not the system library?
>
> 1. The main idea is to force search at /usr/local/lib before
> /usr/lib
.....
I removed temporally all /usr/lib/libkadm5srv* libraries and as results
kadmin was forced to load /usr/local libraries, but I get the same
problem :-(
http://195.55.55.164/tests/FreeBSD/kdump.txt
again kadmin doesn't use ldap and fallback to database files.
> 2. Set HEIMDAL_HOME=/usr at /etc/make.conf. So the local_base for the
> port is /usr. But then you won't get installed some docs (and maybe
> some more files). (Hey, is port broken?)
>
> Yes, this will replace your system files. But there won't be a
> mess. ;-) And, yes, you'll have to reinstall the port after system
> upgrade.
>
> Hence, all versions are rather more a hack then even a workaround, not
> to say a solution.
I will try that, but I'm afraid it doesn't work because in the anterior
test the correct libraries were used and the problem persists.
> Who can give us a good solution?
Anyone knows how to use ldap as backend for the heimdal port in FreeBSD?
More information about the freebsd-stable
mailing list