[MacPorts] #36781: cyrus-sasl2: use Heimdal instead of MIT Kerberos on Lion and later

MacPorts noreply at macports.org
Sun Oct 28 15:54:43 PDT 2012 

#36781: cyrus-sasl2: use Heimdal instead of MIT Kerberos on Lion and later
--------------------------+--------------------------------
  Reporter:  aronnax@…    |      Owner:  macports-tickets@…
      Type:  enhancement  |     Status:  new
  Priority:  Normal       |  Milestone:
 Component:  ports        |    Version:  2.1.2
Resolution:               |   Keywords:  haspatch
      Port:  cyrus-sasl2  |
--------------------------+--------------------------------

Comment (by aronnax@…):

 Replying to [comment:1 ryandesign@…]:
 > Wouldn't we have to make similar changes to all ports that have a
 dependency on kerberos5? This is the list, as far as I can tell:
 >
 >  * cclient
 >  * cyrus-sasl2
 >  * fetchmail
 >  * freeradius
 >  * kdelibs4
 >  * mailx
 >  * nds2-client
 >  * openssh
 >  * py-pykerberos
 >  * remctl
 >  * samba3
 >  * yafc

 Yes, that's right, there are some other ports that would need changes
 similar to cyrus-sasl2.

 Of the ports that you listed:

  * nds2-client: I maintain this port, and its developers say that cyrus-
 sasl2 is preferred over the kerberos5 gssapi library. So nds2-client does
 not need a direct dependency on kerberos5 or cyrus-sasl2.
  * yafc: has a heimdal variant, and it is enabled by default

 > There's no particular need to change heimdal's prefix and make it
 conflict with kerberos5, is there? That would seem to be a step backwards.

 Leaving heimdal in an alternative prefix would not represent a complete
 solution. The problem is that ${prefix}/bin/kinit is currently always
 provided by the kerberos5 port (MIT Kerberos). As a result, when a
 MacPorts user runs kinit, the tickets created by it are not compatible
 with Apple's own key store on Lion and Mountain Lion.

 If we let heimdal use the main MacPorts installation prefix, have it
 conflict with kerberos5, and have ports that need Kerberos support use
 kerberos5 on pre-Lion systems and heimdal on post-Lion systems, then
 MacPorts applications should work with Apple's key store on all systems.

-- 
Ticket URL: <https://trac.macports.org/ticket/36781#comment:2>
MacPorts <http://www.macports.org/>
Ports system for Mac OS

More information about the macports-tickets mailing list