Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 53822 - gentoo prefers mit-krb5, which is US crypto
Summary: gentoo prefers mit-krb5, which is US crypto
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High blocker (vote)
Assignee: Robin Johnson
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-13 11:26 UTC by mj
Modified: 2004-08-30 12:43 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description mj 2004-06-13 11:26:42 UTC
It is almost impossible to not use mit-krb5, even when heimdal is installed and specified in ebuilds. MIT-krb5 is US crypto, and as such is not suitable as a default crypto package for a linux distribution. Especially since heimdal has an almost identical API, and packages which compile against mit-krb5 usually also compile against heimdal.

Reproducible: Always
Steps to Reproduce:
1. put kerberos in make.conf USE flag
2. emerge -vp openldap
3.

Actual Results:  
I had heimdal installed already and openldap and cyrus-sasl ebuilds are
hardcoded to use mit-krb5.

Expected Results:  
It should have detected that I already have heimdal kerberos installed, and not
try to install mit-krb5 (and thus remove heimdal).
Comment 1 James Kyte 2004-06-13 21:59:10 UTC
The mit-krb5 dependency has been changed to virtuals/krb5 in openldap ebuilds >=2.1.27. Either wait for it to be unmasked or add it to /etc/portage/package.keywords.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-06-14 01:41:58 UTC
the problem is 'almost identical API'.
earlier than openldap-2.1.27 doesn't build against heimdal, the last time I checked at least (quite a while ago).

if you'd like to go thru _every_ ebuild that currently lists mit-krb5, and check that it complies against heimdal and works properly, and leave a list of those ebuilds here, I will change them to virtuals/krb5 for you.

I live outside the US. Provided that it works, and it is reasonably secure, I'm not really concerned about crazy crypto laws.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-08-30 12:43:52 UTC
no response from poster.