I set up centralized auditing and then went to configure Kerberos authentication but sys-process/audit needs the "gssapi" use flag. Please allow users to apply "--enable-gssapi-krb5" via the "gssapi" or "kerberos" use flags. Reproducible: Always Steps to Reproduce: emerge sys-process/audit Actual Results: Everything appears to be working, but I saw this message in my logs "audisp-remote: GSSAPI support is not enabled". Checked /sbin/auditd with ldd and I can't see any Kerberos/GSSAPI libraries linked. Expected Results: The audisp-remote plugin should have aborted the connection because I configured the Kerberos settings incorrectly (I think so anyway). It basically just ignored the settings, if audit had been built against the Kerberos/GSSAPI libraries I suspect it would have aborted the connection. I have a working Kerberos infrastructure and have been using audit for a few years. I've never tried centralized auditing with Kerberos auth before though.
patches welcome, I know nothing of krb, and I don't have a test environment for it.
Created attachment 348428 [details, diff] audit-2.1.3-r1.ebuild gssapi patch Adds "gssapi" USE flag to audit ebuild.
Sorry to take so long replying to this, unfortunately I no longer have a working krb setup since the loss of the system with my KDC. I modified the audit ebuild to include the "gssapi" USE flag, here is a patch. This has been tested and if I remember correctly, everything worked fine. Patch is attached.
added now: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9922424d24e74a94290fddeca93a861bae8ebedf