openldap-client vs openldap-sasl-client

Sergei Vyshenski svysh.fbsd at gmail.com
Tue Jan 10 06:16:44 UTC 2017 

Edemic enforcement of unwanted security technologies propagates further on.

Port net/p5-perl-ldap requires port security/p5-Authen-SASL,
which by defaul turns ON kerberos support.
This brings situation, when
private key infrastructure (PKI) software by default depends from Kerberos,
which is as if: nginx depends from apache.

Cf PR here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215835

Regards, Sergei

On Tue, Jan 10, 2017 at 1:54 AM, Miroslav Lachman <000.fbsd at quip.cz> wrote:

> Miroslav Lachman wrote on 2017/01/09 23:48:
>
>> Jan Bramkamp wrote on 2017/01/05 11:30:
>>
>>> On 04/01/2017 18:32, Andriy Gapon wrote:
>>>
>>>>
>>>> Do you I understand correctly that it is impossible now to install
>>>> both samba44
>>>> and libreoffice using the official FreeBSD package repository?
>>>> Or samba44 and KDE?
>>>>
>>>> If yes, then that sucks...
>>>>
>>>
>>> Yes and yes it sucks. The "solution" is to build your own repo and set
>>> the right flags to always use the same LDAP client port. With binary
>>> packages and the speed of modern x86_64 systems I for one no longer see
>>> removing SASL support from OpenLDAP as useful enough to justify the
>>> complexity. Are there any reasons other than saved build time to disable
>>> this dependency (e.g. a bad security track record/process, different
>>> licenses)?
>>>
>>
>> And what is the right way to choose SASL / NON-SASL version globaly?
>> We are building packages in our poudriere, but I cannot find the proper
>> variable / option for this.
>>
>> Miroslav Lachman
>>
>
> I don't need SASL for LDAP client, but somebody messed up ports tree with
> WANT_OPENLDAP_SASL which is for users and not maintainers:
>
> # WANT_OPENLDAP_SASL
> #                               - User-defined variable to depend upon
> SASL-enabled OpenLDAP
> #                                 client. Must NOT be set in a port
> Makefile.
>
> So why it is set there
>
> https://svnweb.freebsd.org/ports/head/databases/ldb/Makefile
> ?r1=430417&r2=430416&pathrev=430417
>
> and there
>
> https://svnweb.freebsd.org/ports/head/net/samba43/Makefile?
> r1=429692&r2=429691&pathrev=429692
>
> and maybe in some other places
>
> Miroslav Lachman
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>

More information about the freebsd-ports mailing list