Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 935258

Summary: sys-auth/nss-pam-ldapd: USE="kerberos" is useless without USE="sasl"
Product: Gentoo Linux Reporter: Christopher Byrne <salah.coronya>
Component: Current packagesAssignee: Matthew Thode ( prometheanfire ) <prometheanfire>
Status: RESOLVED FIXED    
Severity: normal CC: chutzpah
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/37416
Whiteboard:
Package list:
Runtime testing required: ---

Description Christopher Byrne 2024-07-01 01:01:12 UTC 
nslcd Kerberos support will not work without SASL. To configure Kerberos support, a ticket cache containing the host key is needed:

kinit -c /etc/nslcd.ccache -k host/gentoo-test-clang.coronya.com
chown nslcd:nslcd /etc/nslcd.ccache

For /etc/nslcd.conf, here are the key lines for Kerberos support:

krb5_ccname /etc/nslcd.ccache
sasl_mech gssapi
sasl_authzid dn:uid=host/ldap-client.example.com,cn=gssapi,cn=auth

The last 2 lines require SASL support. Without it, no errors occur but there is no Kerberos communication to the server. 

There should be a REQUIRED_USE for this.
Comment 1 Larry the Git Cow gentoo-dev 2024-07-04 00:00:04 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11a9c3899bf034ecf31760e84a91db357aed0980

commit 11a9c3899bf034ecf31760e84a91db357aed0980
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2024-07-03 23:15:30 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2024-07-03 23:59:59 +0000

    sys-auth/nss-pam-ldapd: Fix Kerberos functionality by requiring SASL
    
    Closes: https://bugs.gentoo.org/935258
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 .../nss-pam-ldapd/nss-pam-ldapd-0.9.12-r4.ebuild   | 166 +++++++++++++++++++++
 1 file changed, 166 insertions(+)