[Bug 211142] net/samba42 - PORT_OPTIONS:MADS should enforce WANT_OPENLDAP_SASL
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jul 15 14:16:15 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211142
Bug ID: 211142
Summary: net/samba42 - PORT_OPTIONS:MADS should enforce
WANT_OPENLDAP_SASL
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: timur at FreeBSD.org
Reporter: prj at rootwyrm.com
Assignee: timur at FreeBSD.org
Flags: maintainer-feedback?(timur at FreeBSD.org)
Also impacts net/samba43 net/samba44
This one has been causing me headaches for a while and definitely needs some
discussion around the implications. It appears to have been previously
attempted (net/samba42/Makefile at 349) but commented out. So currently it
obeys make.conf settings. However, in an actual modern AD environment, LDAP
queries should implicitly use KRB5 which requires GSSAPI. This means the port
is more or less 'broken by default' for properly configured AD environments.
It also impacts security/sssd which currently does not have an explicit
requirement for openldap24-sasl-client defined, but absolutely requires it.
This obviously has implications since it is a change to defaults which could
impact dependent ports and pkg builds. However, as it is essentially
incompatible with the current AD security model, are there specific reasons to
not switch Samba ports to require OPENLDAP_SASL?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list