Cy Schubert: > In message <afrsquqsti4pr...@freefall.freebsd.org>, Lexi Winter writes: > > i'm hoping with MIT krb5 in base, we might be able to find a better > > solution to this, but i haven't had a chance to actually try it. > > it may be we have to go with a glib-style "bootstrap port" solution. > It may help bootstrap but you can't rely on it to supply your KDC needs as > it doesn't and will never use LDAP, unless we import OpenLDAP into base, > and that's another matter of discussion.
i am thinking purely in terms of ports here, e.g.: - krb5-ldap requires openldap26@bootstrap - openldap26@bootstrap builds OpenLDAP without Kerberos support - after building krb5-ldap you then build openldap26 with Kerberos support which is a drop-in replacement for openldap26@bootstrap. then you install krb5-ldap and openldap26-server and the openldap26@bootstrap port is never used after the package build is done. the exact details of how this works might be more complicated but my understanding is that this is how devel/glib20 and devel/gobject-introspection manage to depend on each other. i was hoping MIT krb5 in base would avoid the need for this, but i don't think it does: if ports openldap links to base krb5, and ports krb5 links to ports openldap, you'd end up with the KDC binary linking to both base and ports krb5. so in practice, you'd still need to ignore base Kerberos entirely (other than for NFS) and build everything against ports krb5, like we do now.
signature.asc
Description: PGP signature
