Date: Sun, 05 Jun 2005 01:01:34 +0400 From: Boris Samorodov <bsam@ipt.ru> To: Scot Hetzel <swhetzel@gmail.com> Cc: fandino@ng.fadesa.es, freebsd-stable@freebsd.org, freebsd-ports@freebsd.org Subject: Re: kadmin (heimdal port) ignores the ldap backend Message-ID: <74054193@srv.sem.ipt.ru> In-Reply-To: <790a9fff0506031300756e6bda@mail.gmail.com> (Scot Hetzel's message of "Fri, 3 Jun 2005 15:00:56 -0500") References: <429D8B3B.50203@ng.fadesa.es> <29469499@srv.sem.ipt.ru> <429DE188.5020908@ng.fadesa.es> <09783236@srv.sem.ipt.ru> <429EE7D8.4050900@ng.fadesa.es> <65121725@srv.sem.ipt.ru> <42A025CA.2000107@ng.fadesa.es> <41916239@srv.sem.ipt.ru> <790a9fff05060309474f2f06eb@mail.gmail.com> <11516153@srv.sem.ipt.ru> <790a9fff0506031300756e6bda@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 3 Jun 2005 15:00:56 -0500 Scot Hetzel wrote:
> On 6/3/05, Boris Samorodov <bsam@ipt.ru> wrote:
> > > I believe you have to set NO_KERBEROS in /etc/make.conf. Then rebuild
> > > & install the FreeBSD sources in /usr/src. Then after the
> > > installworld, you'll need to go to the /usr/lib directory and
> > > move/remove all libs that are older than the date of the install.
> >
> > > NOTE: I would also do a second installworld, after removing the
> > > libraries. Just incase something was removed that wasn't supposed to
> > > be removed.
> >
> > > Then install the KERBEROS hemidal port.
> >
> > Hmm. And what about kerbesized applications (i.e. sshd) from the base
> > system which I'd like to use with kerberos authentication?
> >
> looks like you would have to install them from ports, unless you
Those from ports uses MIT Kerberos 5 realization. Maybe they work with
Heimdal also...
> hacked the sources to use KERBEROS installed from the port.
> src/secure/usr.bin/ssh/Makefile
> src/lib/libtelnet/Makefile
> src/lib/libpam/modules/modules.inc
> NOTE: there may be others
> You would have to change the files to check if the hemdial libraries
> are installed:
> .if (defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libkrb5.so) )
> || !defined(NO_KERBEROS)
> NOTE: you may also need to set LDFLAGS+=-L${HEIMDAL_HOME}/lib
> And see if it compiles.
This way means applying patches every build/install world. And there
is no guarantee that pathes apply well. And it is really a *hack*.
I try to find a way to DTRT (do the right thing).
So far I have two workarounds (may be *hacks* all together):
o install heimdal from ports and change library searching path (to
search /usr/local/lib before athers). Don't know if it may break
something;
o install heimdal from ports with LOCALBASE=/usr. The port should be
reinstalled after make world.
Thus neighter of them are good...
WBR
--
bsam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?74054193>