nslcd Kerberos support will not work without SASL. To configure Kerberos support, a ticket cache containing the host key is needed: kinit -c /etc/nslcd.ccache -k host/gentoo-test-clang.coronya.com chown nslcd:nslcd /etc/nslcd.ccache For /etc/nslcd.conf, here are the key lines for Kerberos support: krb5_ccname /etc/nslcd.ccache sasl_mech gssapi sasl_authzid dn:uid=host/ldap-client.example.com,cn=gssapi,cn=auth The last 2 lines require SASL support. Without it, no errors occur but there is no Kerberos communication to the server. There should be a REQUIRED_USE for this.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11a9c3899bf034ecf31760e84a91db357aed0980 commit 11a9c3899bf034ecf31760e84a91db357aed0980 Author: Christopher Byrne <salah.coronya@gmail.com> AuthorDate: 2024-07-03 23:15:30 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2024-07-03 23:59:59 +0000 sys-auth/nss-pam-ldapd: Fix Kerberos functionality by requiring SASL Closes: https://bugs.gentoo.org/935258 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Signed-off-by: Matthew Thode <prometheanfire@gentoo.org> .../nss-pam-ldapd/nss-pam-ldapd-0.9.12-r4.ebuild | 166 +++++++++++++++++++++ 1 file changed, 166 insertions(+)