[Bug 241347] security/sssd: Update to 1.16.4

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241347

Phillip R. Jaenke <prj at rootwyrm.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |prj at rootwyrm.com

--- Comment #3 from Phillip R. Jaenke <prj at rootwyrm.com> ---
Rick, not speaking for Lukas here obviously, but I am speaking as someone very
familiar with sssd. The "latest" is often "too latest." Frequently does not do
what it says on the tin, at best. It's focused on feature addition and the
like. Hence, why they have LTMs. The LTMs are tied to RHEL.
So from the FreeBSD side, the port should track what sssd version is in the
current mainstream release of Red Hat. For 7.7, that's 1.16. I'm a large RHEL
customer at $dayjob and the in-house sssd expert there, so I'm reasonably
familiar with this. 

All that said, Lukas, can this build with python3.6+? FreeBSD is EOL'ing 2.7
much more aggressively than RH. So I would recommend building only with 3.x if
possible so it doesn't come up as broken in January.

The other concern I have is around the security/krb5 and samba dependency. We
don't have a good way to enforce option dependencies in other ports. I think
this can be worked around by depending on
${LOCALBASE}/lib/shared-modules/krb5/winbind_krb5_localauth.so and
${LOCALBASE}/lib/samba4/krb5/plugins/kdb/samba.so which are only present when
GSSAPI_MIT is selected in samba48+. That SHOULD prevent user foot-shooting by
installing a GSSAPI_BUILTIN samba48+ against sssd here.

-- 
You are receiving this mail because:
You are the assignee for the bug.