On Sun, Jul 26, 2009 at 2:13 AM, b. f.<bf1...@googlemail.com> wrote: >> As the PR advises, switching back to base openssl fixes my problem. > > Well, apparently only part of it. Unfortunately the openssl framework > in ports doesn't accommodate mixing and matching of base and port > openssl, so while this may allow you to use pam_ldap, it's at the > expense of other ports. You should probably follow-up on the PR, and > explain to the committer who closed it why a real solution to the > problem would be desirable. Also, ask the krb5 maintainer if it would > be possible to relax the openssl requirements on his port. Sometimes > these restrictions are relics of times when an earlier version of > openssl in base was causing problems, and they may no longer be > relevant.
It turns out there are a number of open PR's for related issues. For instance: ports/120101: security/krb5 utilities link against wrong libcom_err http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/120101 ports/121573: security/krb5 (MIT Kerberos) generates non-working ksu http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/121573 ports/128972: Port security/krb5 has a linking problem when compiled against base openssl http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/128972 I get a working security/krb5 compiled against base openssl, if I preface all the client commands with LD_LIBRARY_PATH=/usr/local/lib. I'm not sure what a good resolution for all those PR's would be... how is this sort of conflict of shlibs normally resolved for ports? >> Since I am already using pam_ldap on this system in production, I >> don't see any easy way to get security/krb5 installed and working via >> ports on the same system since openssl requirements for these things >> conflict. I think my easiest solution is to use a different system >> for security/krb5. > > At least in the short term, if you don't have the time to patch these > ports yourself, you may be right. Another thing you may want to > consider: will the kerberos implementation already in the base system, > or another kerberos port, meet your needs, so that you can dispense > with the krb5 port? Another thing that occurred to me (I may have seen it online somewhere) is that if I replace the base kerberos with ports/krb5 compiled against the base openssl, my problem with multiple conflicting shared libraries would go away. It looks like I can build my system with WITHOUT_KERBEROS setting in /etc/src.conf, though I am still unsure how to remove the already-installed kerberos on my production system -- do I hunt down and delete the already-installed files, or is there an easier way to do that? BTW even though I've been running FreeBSD for over 6 years now, I hadn't heard of /etc/src.conf before this weekend. How do people find out about that? I'm surprised to have missed it before now. plw _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
