The mit-krb5 documentation (see the URL) shows how to get kerberos to be built against a system installed sys-libs/db. It appears that mit-krb5-1.6.3-r6 bundles ``version 2.0-ALPHA of the Berkeley DB code.'' (see work/krb5-1.6.3/src/plugins/kdb/db2/libdb2/README.db2)

Building against sys-libs/db:3 seems to work somewhat (I'll try newer versions of db later), but requires a workaround explained at the end of http://www.ba.infn.it/~domenico/docs/AAIFiles/kerberos.html .

To upgrade, a user would first have to do something like

$ kdb5_util dump "principal.dump"

to save the database. Then he'd install the mit-krb5 that uses the system sys-libs/db and run the following two commands to restore his principal database:

$ rm /var/lib/krb5kdc/principal*
$ kdb5_util load "principal.dump"

This command would partially succeed, yet give an error. Then the user would have to rename every file matching /var/lib/krb5kdc/principal~* so that the tilde is removed. This renaming process should involve overwriting a file named /var/lib/krb5kdc/principal which will be a corrupted copy of the database. After renaming the files, running

$ rc-service mit-krb5kdc start

should allow the kerberos server to start. I was able to use kinit successfully after this on my local realm.

However, the problems with using kdb5_util are probably what the kerberos docs refer to in the following quote: ``In particular, we do not know if the database-rename code used in the dumpfile load operation will behave properly.''. kdb5_util's load gives standard sub-errors such as ``No such file or directory''. Maybe this bug can track attempts to fix mit-krb5's database-renaming code.

Please add this to the tracker bug 251464, flameeyes :-).... unless my putting the tracker bug in the ``Blocks'' input box works...
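The rename step of the workaround described in the report above, as an added shell example that is not part of the original comment or of mit-krb5. The function name strip_tilde and the backup directory name pre-rename-backup are hypothetical; the function copies every file it is about to overwrite into a mode-0700 directory first, since these files hold principal keys.

```shell
#!/bin/sh
# Added example, not code from the bug report or from mit-krb5.
# Run it only after `kdb5_util load` has left principal~* files behind
# and before starting the KDC, e.g.: strip_tilde /var/lib/krb5kdc

# strip_tilde DIR
#   Renames DIR/principal~<suffix> to DIR/principal<suffix>.
#   A file that would be overwritten (such as the corrupted
#   DIR/principal mentioned in the report) is copied to
#   DIR/pre-rename-backup (hypothetical name) before the rename.
#   Returns non-zero if nothing matched or any step failed.
strip_tilde() {
    dir=$1
    backup="$dir/pre-rename-backup"
    count=0

    # The backup will contain key material: keep it owner-only.
    mkdir -p "$backup" || return 1
    chmod 700 "$backup" || return 1

    for f in "$dir"/principal~*; do
        [ -f "$f" ] || continue            # glob matched nothing
        name=${f##*/}
        target="$dir/principal${name#"principal~"}"
        if [ -e "$target" ]; then
            cp -p "$target" "$backup/" || return 1
        fi
        mv -f "$f" "$target" || return 1
        count=$((count + 1))
    done

    if [ "$count" -eq 0 ]; then
        echo "no principal~* files found in $dir" >&2
        return 1
    fi
    return 0
}
```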
Do you need this bug only for tracking or do you expect me to fix the issue? I mean I am ebuild maintainer but as a one-man-herd I do not have the resources to fix upstream functionality.

g, mueli
(In reply to comment #1)
> Do you need this bug only for tracking or do you expect me to fix the issue? I
> mean I am ebuild maintainer but as a one-man-herd I do not have the resources
> to fix upstream functionality.

For these reasons I expect this to be treated as a tracker. I peeked into mit-krb5's code near the database renaming code and am left clueless of how it should work. I wonder more why it works at all ;-).
While I agree that using system sys-libs/db is preferable, it is too much of a hassle for the current users (dump/load/rename etc). I will stick with the bundled db files for now.