With the 'kerberos' USE-flag set, net-nds/gq depends directly upon mit-krb5. As such, a dependency upon a krb4 library goes unnoticed. Changing the dependency to virtual/krb5 with heimdal installed causes compilation to fail because the configure script assumes that it can link against a 'des425' library. To build with app-crypt/heimdal, it is sufficient to change the dependency to virtual/kerberos and insert the following line at the start of src_compile() for 0.6.0 or at the end of src_unpack() for 1.0_beta1: sed -i 's/ -ldes425//' ${S}/configure I do not know what is the portable and Reproducible: Always Steps to Reproduce: 1. emerge app-crypt/heimdal 2. emerge -pv net-nds/gq 3. Actual Results: Blocking dependency upon mit-krb5 Expected Results: Used the virtual/krb5 dependency provided by heimdal when built with 'kerberos' USE-flag. Not have depended upon a Kerberos 4 library without building with the 'krb4' USE-flag. Above changes have been tested to build both 0.6.0 and 1.0_beta1 on an x86 (not ~x86) system. Have only tried running the 0.6.0 version, due to issues of availability (sorry). Have not tested the Kerberos functionality as I'm still working on deployment and I need this for testing. Sorry about that, but I hope this is still useful anyway, for highlighting the issue and basic debugging.
Phil, any other news on this then?
Not yet; the Kerberos remains untested. Sorry.
./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --build=i686-pc-linux-gnu --enable-browser-dnd --enable-cache --with-included-gettext --with-kerberos-prefix=/usr/heimdal [cut] UTF-8 support.................. yes LDAP Schema support............ yes TLS support.................... yes Encrypted passwords............ yes Gdk-pixbuf support............. yes SASL binds..................... yes Kerberos binds................. yes Browser Drag and drop.......... yes OpenLDAP client-side caching... no Internationalization........... yes Debugging support ............. yes I saw no check done by configure for presence of the kerberos tree at all, so I had a look into the sources. It just blidnly accept the prefix, whatever crap you put in: # Check whether --with-kerberos-prefix or --without-kerberos-prefix was given. if test "${with_kerberos_prefix+set}" = set; then withval="$with_kerberos_prefix" LIBS="-L$with_kerberos_prefix/lib -lkrb5 -ldes425 $LIBS" cat >>confdefs.h <<\_ACEOF #define HAVE_KERBEROS 1 _ACEOF HAVE_KERBEROS=1 fi; For your info, recent heimdal compiled _without_ krb4 backward support have: # /usr/heimdal/bin/krb5-config --libs -L/usr/heimdal/lib -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -ldb -lresolv # /usr/heimdal/bin/krb5-config --cflags -I/usr/heimdal/include # I think if you want to use 524, it requires you to compile heimdal with krb4 support, that means you must install kth-krb, install heimdal and use the --with-krb4=/usr/athena flag and then you may give net-nds/gq another try. I tried now heimdal-0.7 and configured it to build link in the kth-krb4 libraries by using the --with-krb4 flag. But could not get it compiled. I've posted heimdal-bugs email list. It might be I used too new kth-krb4, which was the latest snapshot 1.3_rc1 (try 1.2.2 instead). But if I remember well, 1.3 version adds support for openssl 0.9.7. Before 0.9.7 heimdal did not use des functions from libcrypto but used it's own (to be exact, configure decides if it uses internal libdes or uses libcrypto). There used to be nameclashes between those two libs and problems typically manifested when someone wanted to compile openssh against openssl and heimdal or kth-krb4. But that's another story. ;-) That's it for now. ;-)
This package has been removed from the tree.