kadmin (heimdal port) ignores the ldap backend

Boris Samorodov bsam at ipt.ru
Sat Jun 4 21:00:45 GMT 2005


On Fri, 3 Jun 2005 15:00:56 -0500 Scot Hetzel wrote:

> On 6/3/05, Boris Samorodov <bsam at ipt.ru> wrote:
> > > I believe you have to set NO_KERBEROS in /etc/make.conf.  Then rebuild
> > > & install the FreeBSD sources in /usr/src.  Then after the
> > > installworld, you'll need to go to the /usr/lib directory and
> > > move/remove all libs that are older than the date of the install.
> > 
> > > NOTE: I would also do a second installworld, after removing the
> > > libraries.  Just incase something was removed that wasn't supposed to
> > > be removed.
> > 
> > > Then install the KERBEROS hemidal port.
> > 
> > Hmm. And what about kerbesized applications (i.e. sshd) from the base
> > system which I'd like to use with kerberos authentication?
> > 
> looks like you would have to install them from ports, unless you

Those from ports uses MIT Kerberos 5 realization. Maybe they work with
Heimdal also...

> hacked the sources to use KERBEROS installed from the port.

> src/secure/usr.bin/ssh/Makefile
> src/lib/libtelnet/Makefile
> src/lib/libpam/modules/modules.inc

> NOTE: there may be others

> You would have to change the files to check if the hemdial libraries
> are installed:

> .if (defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libkrb5.so) )
> || !defined(NO_KERBEROS)

> NOTE: you may also need to set LDFLAGS+=-L${HEIMDAL_HOME}/lib

> And see if it compiles.

This way means applying patches every build/install world. And there
is no guarantee that pathes apply well. And it is really a *hack*.

I try to find a way to DTRT (do the right thing).

So far I have two workarounds (may be *hacks* all together):

o  install heimdal from ports and change library searching path (to
   search /usr/local/lib before athers). Don't know if it may break
   something;

o  install heimdal from ports with LOCALBASE=/usr. The port should be
   reinstalled after make world.

Thus neighter of them are good...


WBR
-- 
bsam


More information about the freebsd-stable mailing list