Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 95963 - net-nds/gq +kerberos dependency on mit-krb5 ipv heimdal with krb4 issue
Summary: net-nds/gq +kerberos dependency on mit-krb5 ipv heimdal with krb4 issue
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Kerberos Maintainers
Depends on:
Blocks: 122336
  Show dependency tree
Reported: 2005-06-13 04:54 UTC by Phil Pennock
Modified: 2006-03-25 22:20 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Phil Pennock 2005-06-13 04:54:08 UTC
With the 'kerberos' USE-flag set, net-nds/gq depends directly upon mit-krb5.  As
such, a dependency upon a krb4 library goes unnoticed.

Changing the dependency to virtual/krb5 with heimdal installed causes
compilation to fail because the configure script assumes that it can link
against a 'des425' library.

To build with app-crypt/heimdal, it is sufficient to change the dependency to
virtual/kerberos and insert the following line at the start of src_compile() for
0.6.0 or at the end of src_unpack() for 1.0_beta1:
  sed -i 's/ -ldes425//' ${S}/configure

I do not know what is the portable and 

Reproducible: Always
Steps to Reproduce:
1. emerge app-crypt/heimdal
2. emerge -pv net-nds/gq

Actual Results:  
Blocking dependency upon mit-krb5

Expected Results:  
Used the virtual/krb5 dependency provided by heimdal when built with 'kerberos'
Not have depended upon a Kerberos 4 library without building with the 'krb4'

Above changes have been tested to build both 0.6.0 and 1.0_beta1 on an x86 (not
~x86) system.  Have only tried running the 0.6.0 version, due to issues of
availability (sorry).  Have not tested the Kerberos functionality as I'm still
working on deployment and I need this for testing.  Sorry about that, but I hope
this is still useful anyway, for highlighting the issue and basic debugging.
Comment 1 Seemant Kulleen (RETIRED) gentoo-dev 2005-07-19 10:13:47 UTC
Phil, any other news on this then?
Comment 2 Phil Pennock 2005-07-20 02:14:29 UTC
Not yet; the Kerberos remains untested.  Sorry.
Comment 3 Martin Mokrejš 2005-07-25 17:38:47 UTC
./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --build=i686-pc-linux-gnu --enable-browser-dnd
--enable-cache --with-included-gettext --with-kerberos-prefix=/usr/heimdal
UTF-8 support.................. yes
LDAP Schema support............ yes
TLS support.................... yes
Encrypted passwords............ yes
Gdk-pixbuf support............. yes
SASL binds..................... yes
Kerberos binds................. yes
Browser Drag and drop.......... yes
OpenLDAP client-side caching... no
Internationalization........... yes
Debugging support ............. yes

I saw no check done by configure for presence of the kerberos tree at all, so I
had a look into the sources. It just blidnly accept the prefix, whatever crap
you put in:

# Check whether --with-kerberos-prefix or --without-kerberos-prefix was given.
if test "${with_kerberos_prefix+set}" = set; then
             LIBS="-L$with_kerberos_prefix/lib -lkrb5 -ldes425 $LIBS"
cat >>confdefs.h <<\_ACEOF

For your info, recent heimdal compiled _without_ krb4 backward support have:

# /usr/heimdal/bin/krb5-config --libs
-L/usr/heimdal/lib -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -ldb -lresolv
# /usr/heimdal/bin/krb5-config --cflags

I think if you want to use 524, it requires you to compile heimdal with krb4
support, that means you must install kth-krb, install heimdal and use the
--with-krb4=/usr/athena flag and then you may give net-nds/gq another try.

I tried now heimdal-0.7 and configured it to build link in the kth-krb4
libraries by using the --with-krb4 flag. But could not get it compiled. I've
posted heimdal-bugs email list. It might be I used too new kth-krb4, which was
the latest snapshot 1.3_rc1 (try 1.2.2 instead). But if I remember well, 1.3
version adds support for openssl 0.9.7. Before 0.9.7 heimdal did not use des
functions from libcrypto but used it's own (to be exact, configure decides if it
uses internal libdes or uses libcrypto). There used to be nameclashes between
those two libs and problems typically manifested when someone wanted to compile
openssh against openssl and heimdal or kth-krb4. But that's another story. ;-)

That's it for now. ;-)
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2006-03-25 22:20:21 UTC
This package has been removed from the tree.