kadmin (heimdal port) ignores the ldap backend
Boris Samorodov
bsam at ipt.ru
Sat Jun 4 21:00:45 GMT 2005
On Fri, 3 Jun 2005 15:00:56 -0500 Scot Hetzel wrote:
> On 6/3/05, Boris Samorodov <bsam at ipt.ru> wrote:
> > > I believe you have to set NO_KERBEROS in /etc/make.conf. Then rebuild
> > > & install the FreeBSD sources in /usr/src. Then after the
> > > installworld, you'll need to go to the /usr/lib directory and
> > > move/remove all libs that are older than the date of the install.
> >
> > > NOTE: I would also do a second installworld, after removing the
> > > libraries. Just incase something was removed that wasn't supposed to
> > > be removed.
> >
> > > Then install the KERBEROS hemidal port.
> >
> > Hmm. And what about kerbesized applications (i.e. sshd) from the base
> > system which I'd like to use with kerberos authentication?
> >
> looks like you would have to install them from ports, unless you
Those from ports uses MIT Kerberos 5 realization. Maybe they work with
Heimdal also...
> hacked the sources to use KERBEROS installed from the port.
> src/secure/usr.bin/ssh/Makefile
> src/lib/libtelnet/Makefile
> src/lib/libpam/modules/modules.inc
> NOTE: there may be others
> You would have to change the files to check if the hemdial libraries
> are installed:
> .if (defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libkrb5.so) )
> || !defined(NO_KERBEROS)
> NOTE: you may also need to set LDFLAGS+=-L${HEIMDAL_HOME}/lib
> And see if it compiles.
This way means applying patches every build/install world. And there
is no guarantee that pathes apply well. And it is really a *hack*.
I try to find a way to DTRT (do the right thing).
So far I have two workarounds (may be *hacks* all together):
o install heimdal from ports and change library searching path (to
search /usr/local/lib before athers). Don't know if it may break
something;
o install heimdal from ports with LOCALBASE=/usr. The port should be
reinstalled after make world.
Thus neighter of them are good...
WBR
--
bsam
More information about the freebsd-stable
mailing list