The new net-fs/samba-libs-3.4.2-r1[samba4] requires app-crypt/heimdal as a krb5 implementation as opposed to the app-crypt/mit-krb5 version. Although dev-libs/openssl[kerberos] has the logic to handle which virtual/krb5 package is installed in src_compile(), RDEPEND makes a hard dependency on app-crypt/mit-krb5 instead of using the (seemingly more appropriate) virtual/krb5 package. Not sure which package to file this against - samba-libs introduced the conflict, but it seems that the easiest fix may be to rectify openssl's RDEPEND.
But, IIRC, the problem is that openssl upstream accepts only mit-krb5.
I don't know openssl well enough to speak to that, but the following content in each of the three openssl ebuilds seems to indicate otherwise: [root@test ~] grep krb5 /usr/portage/dev-libs/openssl/openssl-0.9.8k-r1.ebuild kerberos? ( app-crypt/mit-krb5 )" local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
both packages need to be fixed, but the DEPEND isnt there because someone forgot to use the virtual. at least this is true for openssl. the source code (and upstream package maintainers) need work to use either kerberos provider.
You should read openssl Configure file - there they explicitly say "Heimdal is unsupported". Perhaps it did work at some point, but it seems they've dropped it.
I can confirm - openssl won't work with heimdal.
Closing as openssl still does not work with heimdal and any fix should be coming from upstream. Reopen if you disagree.