Date: Fri, 15 Jul 2016 14:16:14 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 211142] net/samba42 - PORT_OPTIONS:MADS should enforce WANT_OPENLDAP_SASL Message-ID: <bug-211142-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211142 Bug ID: 211142 Summary: net/samba42 - PORT_OPTIONS:MADS should enforce WANT_OPENLDAP_SASL Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: timur@FreeBSD.org Reporter: prj@rootwyrm.com Assignee: timur@FreeBSD.org Flags: maintainer-feedback?(timur@FreeBSD.org) Also impacts net/samba43 net/samba44=20 This one has been causing me headaches for a while and definitely needs some discussion around the implications. It appears to have been previously attempted (net/samba42/Makefile at 349) but commented out. So currently it obeys make.conf settings. However, in an actual modern AD environment, LDAP queries should implicitly use KRB5 which requires GSSAPI. This means the po= rt is more or less 'broken by default' for properly configured AD environments. It also impacts security/sssd which currently does not have an explicit requirement for openldap24-sasl-client defined, but absolutely requires it.= =20 This obviously has implications since it is a change to defaults which could impact dependent ports and pkg builds. However, as it is essentially incompatible with the current AD security model, are there specific reasons= to not switch Samba ports to require OPENLDAP_SASL? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211142-13>