It is almost impossible to not use mit-krb5, even when heimdal is installed and specified in ebuilds. MIT-krb5 is US crypto, and as such is not suitable as a default crypto package for a linux distribution. Especially since heimdal has an almost identical API, and packages which compile against mit-krb5 usually also compile against heimdal. Reproducible: Always Steps to Reproduce: 1. put kerberos in make.conf USE flag 2. emerge -vp openldap 3. Actual Results: I had heimdal installed already and openldap and cyrus-sasl ebuilds are hardcoded to use mit-krb5. Expected Results: It should have detected that I already have heimdal kerberos installed, and not try to install mit-krb5 (and thus remove heimdal).
The mit-krb5 dependency has been changed to virtuals/krb5 in openldap ebuilds >=2.1.27. Either wait for it to be unmasked or add it to /etc/portage/package.keywords.
the problem is 'almost identical API'. earlier than openldap-2.1.27 doesn't build against heimdal, the last time I checked at least (quite a while ago). if you'd like to go thru _every_ ebuild that currently lists mit-krb5, and check that it complies against heimdal and works properly, and leave a list of those ebuilds here, I will change them to virtuals/krb5 for you. I live outside the US. Provided that it works, and it is reasonably secure, I'm not really concerned about crazy crypto laws.
no response from poster.
