[Bug 205493] net/freeradius3: Does not link properly against selected kerberos implementation
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Dec 21 17:56:41 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205493
Bug ID: 205493
Summary: net/freeradius3: Does not link properly against
selected kerberos implementation
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: zi at FreeBSD.org
Reporter: freebsd at simweb.ch
Flags: maintainer-feedback?(zi at FreeBSD.org)
Assignee: zi at FreeBSD.org
Created attachment 164463
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=164463&action=edit
Patch net/freeradius3/Makefile to fix/improve kerberos selection.
Hi
net/freeradius3 seems to link always against Heimdal kerberos in base as soon
as one of the 3 possible options is enabled. The issue is already visible 'make
stage':
# HEIMDAL
# ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so
work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so:
libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801604000)
-> OK.
HEIMDAL_PORT: Builds but doesn't find the library and thus no rlm_krb5.so is
built
KERBEROS: stops with an error when building rlm_krb5, I haven't dug deeper
there.
The main cause is due to an upstream change which changed the Kerberos
parameters starting with 3.0.1. 3.0.0 used the same options as are still valid
with 2.2.9, not 3.0.1 onwards.* The relevant file in the FreeRADIUS source is
src/modules/rlm_krb5/configure(.ac), the option is not revealed by 'configure
--help'
I'd propose to make a selection group which makes it impossible to chose
more than 1 Kerberos implementation, but still allows disabling rlm_krb5
entirely.
The dependency was changed with the following idea:
HEIMDAL_BASE: libkrb5.so*.26*, otherwise the dependency is fullfilled by
librkrb5.so in base
After the modifications:
# HEIMDAL (test with and without security/heimdal installed)
# ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so
work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so:
libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801604000)
[...]
# HEIMDAL_PORT (security/heimdal installed, security/krb5 absend as they
conflict)
# ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so
work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so:
libkrb5.so.26 => /usr/local/lib/heimdal/libkrb5.so.26 (0x801604000)
[...]
# KERBEROS (security/krb5 instaled, security/heimdal absend as they conflict)
# ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so
work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so:
libkrb5.so.3.3 => /usr/local/lib/libkrb5.so.3.3 (0x801604000)
[...]
There is still 1 corner case which I don't know how to fix yet:
If the system has krb5 installed from ports/packages but the port is built with
HEIMDAL from base it gets confused and fails to build.
Upstream has said that usually there should not be 2 different Kerberos
libraries and currently I don't know where the exception should be handled
best.
-- Mathieu
* Here is the commit from back then:
https://github.com/FreeRADIUS/freeradius-server/commit/7889d4b840920526b4598422771617d389ea5ab7
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list