From owner-freebsd-ports@FreeBSD.ORG Sun Jul 26 07:13:50 2009 Return-Path: Delivered-To: freebsd-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5AF2C1065670 for ; Sun, 26 Jul 2009 07:13:50 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-bw0-f219.google.com (mail-bw0-f219.google.com [209.85.218.219]) by mx1.freebsd.org (Postfix) with ESMTP id DC04A8FC16 for ; Sun, 26 Jul 2009 07:13:49 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: by bwz19 with SMTP id 19so2035297bwz.43 for ; Sun, 26 Jul 2009 00:13:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=hjdfx4oxRncaXYDPaBj6CK7tiV7+RphynSENzdfh5UE=; b=jMYwKNnTzOHh1B1Pc5hxABg6wNrggssquH1BdINoeW6Bf+hgdGZqCQnrOeCap/6nxx dENRtbZm/oiHBlHb3jM+/tlTVPRKzUyjvXRp4xAxO71huy53XbdKY1tVQlZln7RyIbjO gKSaIN5q+kn9gIXQTYA+fAzChDp2W7wE5P580= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=Qel4S7YOxjoScHz8p4I7qTicKn+MGW55DkN2IG45+tU+NM2VGKO1tSmXaTu/mE/GHK jQJpfue2bDyEwhjYZx23ROu8qtW2OB4vH5pXAdQessHISpSIm6BvVh+alQ8fBLcuJipX DTqTL86I3hrvxnVitURU4zRSAHIOwVCZ80e9Y= MIME-Version: 1.0 Received: by 10.239.159.3 with SMTP id w3mr502639hbc.96.1248592428795; Sun, 26 Jul 2009 00:13:48 -0700 (PDT) Date: Sun, 26 Jul 2009 07:13:48 +0000 Message-ID: From: "b. f." To: freebsd-ports@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: enlil65@gmail.com Subject: Re: Using WITH_OPENSSL_PORT X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jul 2009 07:13:50 -0000 > As the PR advises, switching back to base openssl fixes my problem. Well, apparently only part of it. Unfortunately the openssl framework in ports doesn't accommodate mixing and matching of base and port openssl, so while this may allow you to use pam_ldap, it's at the expense of other ports. You should probably follow-up on the PR, and explain to the committer who closed it why a real solution to the problem would be desirable. Also, ask the krb5 maintainer if it would be possible to relax the openssl requirements on his port. Sometimes these restrictions are relics of times when an earlier version of openssl in base was causing problems, and they may no longer be relevant. > Since I am already using pam_ldap on this system in production, I > don't see any easy way to get security/krb5 installed and working via > ports on the same system since openssl requirements for these things > conflict. I think my easiest solution is to use a different system > for security/krb5. At least in the short term, if you don't have the time to patch these ports yourself, you may be right. Another thing you may want to consider: will the kerberos implementation already in the base system, or another kerberos port, meet your needs, so that you can dispense with the krb5 port? b.