[Bug 284709] security/krb5: add separate client and server ports

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 10 Feb 2025 14:06:03 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284709

            Bug ID: 284709
           Summary: security/krb5: add separate client and server ports
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: cy@FreeBSD.org
          Reporter: lexi@hemlock.eden.le-fay.org
          Assignee: cy@FreeBSD.org
             Flags: maintainer-feedback?(cy@FreeBSD.org)

there is a (known) issue with security/krb5 where LDAP support causes a
dependecy loop if Cyrus SASL is also built with MIT Kerberos support, because
krb5 depends on openldap26-client and openldap26-client depends on krb5.

to solve this, it would be nice to split the krb5 port into two ports, one for
the KDC/other server bits, and one for the clients, which
openldap26-{client,server} could use.  the client port would not have/need an
LDAP client.

my use case:

- Kerberos realm is stored in LDAP
- LDAP server (OpenLDAP) should support Kerberos GSSAPI authentication
- unless i've missed something, this is currently impossible.

-- 
You are receiving this mail because:
You are the assignee for the bug.