FreeBSD Port: krb5-1.13

Cy Schubert Cy.Schubert at komquats.com
Sat Nov 22 17:57:28 UTC 2014


In message <5470AA17.4040008 at herveybayaustralia.com.au>, R Skinner writes:
> An interesting point came up in one of my ventures - I was trying to set 
> up a kerberos system with ldap for authentication/authorisation, 
> therefore using ldap as the backend for the kerberos.
> 
> I ran make install clean from ports and set ldap options in the config, 
> then tried to get it all running using some docs and tutorials I googled 
> up. All of them mention a kerberos.schema file needed in openldap/schema/.
> 
> So I started hunting for it; couldn't find it. Looked online at various 
> sites (including mit) and it is mentioned, but all information pointed 
> to it being available under share/doc/ in some form. But to my chagrin, 
> it was not to be found at all. Now I'm really got my challenge on, so I 
> look deeper.
> 
> I checked the plist file and it is not mentioned, though one would think 
> it would be if ldap is set in the config. I looked all through near 
> every file, ran find commands; all no good. I then run make again and 
> attempt to see if it is actually shipped with the tar ball. Finally, 
> looking deep in the extracted and built directory (not staged, mind) I 
> finally find my kerberos.schema, as well as a kerberos.ldif, in 
> krb5-1.13/src/plugins/kdb/ldap/libkdb_ldap/.
> 
> Now that I've narrated my little adventure, I'm left kinda curious as to 
> why, if ldap is selected as an option in config, _and_ if this schema is 
> so critical to the operation of ldap as a backend to kerberos (maybe 
> even heimdal too), then why are these files simply discarded rather than 
> installed, leaving someone like myself frustrated and mystified? :) I 
> imagine many would simply give up or try and jerry rig something by this 
> point, but for it to be right there...
> 
> Any chance for a fix on this? I think I may have even tried to do this 
> several years ago as well and gave up because of this same issue 
> (although I think I may have been looking at heimdal at the time, so 
> same issue could still be there too); had to put it in the too hard 
> basket at the time due to temporal deficiencies...
> 
> Cheers
> 

File a PR and I'll look at it. Thanks.


-- 
Cheers,
Cy Schubert <Cy.Schubert at komquats.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.




More information about the freebsd-ports mailing list