I came across this when I realized that I never really used kerberos. So I added "-kerberos" to USE in /etc/make.conf, rebuild all affected packages and then unmerged mit-krb5 with the result that nss_ldap broke and all accounts from LDAP were unknown. So I quickly reinstalled mit-krb5 an tried to find the reason for this, resulting in this bug report. If one emerges nss_ldap with USE="... -kerberos ..." on a system where no kerberos is installed it works like expected: No kerberos is pulled in and so /lib/libnss_ldap-2.6.1.so is certainly not linked with kerberos libs. I set the severity of this to minor because for me it's more cumbersome than a real problem: Tonight when no one is active on this machine I'll just unmerge mit-krb5 again and then remerge nss_ldap. Reproducible: Always Steps to Reproduce: 1. Have mit-krb5 installed but USE="-kerberos" for nss_ldap. 2. emerge nss_ldap Actual Results: ldd /lib/libnss_ldap-2.6.1.so ... libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7e0e000) ... libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7dde000) ... libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7a74000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7a6b000) ... equery uses nss_ldap [ Searching for packages matching nss_ldap... ] [ Colour Code : set unset ] [ Legend : Left column (U) - USE flags from make.conf ] [ : Right column (I) - USE flags packages was installed with ] [ Found these USE variables for sys-auth/nss_ldap-258 ] U I - - debug : Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml - - kerberos : Adds kerberos support - - sasl : Adds support for the Simple Authentication and Security Layer Expected Results: /lib/libnss_ldap-2.6.1.so should not be linked with any of the kerberos libs when build with USE="-kerberos".
ldd is useless for similar stuff; post `readelf -d /lib/libnss_ldap-2.6.1.so | grep NEEDED` output.
(In reply to comment #1) > ldd is useless for similar stuff; post `readelf -d /lib/libnss_ldap-2.6.1.so | > grep NEEDED` output. > 0x00000001 (NEEDED) Shared library: [libldap-2.3.so.0] 0x00000001 (NEEDED) Shared library: [liblber-2.3.so.0] 0x00000001 (NEEDED) Shared library: [libsasl2.so.2] 0x00000001 (NEEDED) Shared library: [libkrb5.so.3] 0x00000001 (NEEDED) Shared library: [libcom_err.so.2] 0x00000001 (NEEDED) Shared library: [libgssapi_krb5.so.2] 0x00000001 (NEEDED) Shared library: [libdl.so.2] 0x00000001 (NEEDED) Shared library: [libnsl.so.1] 0x00000001 (NEEDED) Shared library: [libresolv.so.2] 0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000000000001 (NEEDED) Shared library: [libldap-2.3.so.0] 0x0000000000000001 (NEEDED) Shared library: [liblber-2.3.so.0] 0x0000000000000001 (NEEDED) Shared library: [libkrb5.so.3] 0x0000000000000001 (NEEDED) Shared library: [libcom_err.so.2] 0x0000000000000001 (NEEDED) Shared library: [libgssapi_krb5.so.2] 0x0000000000000001 (NEEDED) Shared library: [libdl.so.2] 0x0000000000000001 (NEEDED) Shared library: [libnsl.so.1] 0x0000000000000001 (NEEDED) Shared library: [libresolv.so.2] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] [ebuild R ] net-nds/openldap-2.3.41 USE="berkdb crypt ipv6 overlays samba ssl tcpd -debug -gdbm -kerberos -minimal -odbc -perl -sasl (-selinux) -slp -smbkrb5passwd" 0 kB [ebuild R ] sys-auth/nss_ldap-258 USE="-debug -kerberos -sasl" 0 kB I do however have mit-krb5 installed.... The auto-magical depend blows.
Fixed in 264.