Date: Mon, 21 Dec 2015 17:56:40 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 205493] net/freeradius3: Does not link properly against selected kerberos implementation Message-ID: <bug-205493-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205493 Bug ID: 205493 Summary: net/freeradius3: Does not link properly against selected kerberos implementation Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: zi@FreeBSD.org Reporter: freebsd@simweb.ch Flags: maintainer-feedback?(zi@FreeBSD.org) Assignee: zi@FreeBSD.org Created attachment 164463 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=164463&action=edit Patch net/freeradius3/Makefile to fix/improve kerberos selection. Hi net/freeradius3 seems to link always against Heimdal kerberos in base as soon as one of the 3 possible options is enabled. The issue is already visible 'make stage': # HEIMDAL # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801604000) -> OK. HEIMDAL_PORT: Builds but doesn't find the library and thus no rlm_krb5.so is built KERBEROS: stops with an error when building rlm_krb5, I haven't dug deeper there. The main cause is due to an upstream change which changed the Kerberos parameters starting with 3.0.1. 3.0.0 used the same options as are still valid with 2.2.9, not 3.0.1 onwards.* The relevant file in the FreeRADIUS source is src/modules/rlm_krb5/configure(.ac), the option is not revealed by 'configure --help' I'd propose to make a selection group which makes it impossible to chose more than 1 Kerberos implementation, but still allows disabling rlm_krb5 entirely. The dependency was changed with the following idea: HEIMDAL_BASE: libkrb5.so*.26*, otherwise the dependency is fullfilled by librkrb5.so in base After the modifications: # HEIMDAL (test with and without security/heimdal installed) # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801604000) [...] # HEIMDAL_PORT (security/heimdal installed, security/krb5 absend as they conflict) # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.26 => /usr/local/lib/heimdal/libkrb5.so.26 (0x801604000) [...] # KERBEROS (security/krb5 instaled, security/heimdal absend as they conflict) # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.3.3 => /usr/local/lib/libkrb5.so.3.3 (0x801604000) [...] There is still 1 corner case which I don't know how to fix yet: If the system has krb5 installed from ports/packages but the port is built with HEIMDAL from base it gets confused and fails to build. Upstream has said that usually there should not be 2 different Kerberos libraries and currently I don't know where the exception should be handled best. -- Mathieu * Here is the commit from back then: https://github.com/FreeRADIUS/freeradius-server/commit/7889d4b840920526b4598422771617d389ea5ab7 -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-205493-13>