Re: kerberos is the new sqlite: disable, force mit, or ?

To: Taylor R Campbell <campbell+netbsd-tech-pkg%mumble.net@localhost>
Subject: Re: kerberos is the new sqlite: disable, force mit, or ?
From: nia <nia%NetBSD.org@localhost>
Date: Wed, 4 Sep 2024 06:22:44 +0000

On Wed, Sep 04, 2024 at 01:46:56AM +0000, Taylor R Campbell wrote:
> FYI, gss_store_cred_into has been added to Heimdal, but it isn't out
> in a release yet.
> 
> https://github.com/heimdal/heimdal/issues/451
> https://github.com/heimdal/heimdal/commit/e0bb9c10cad0fd98245caecf8af8fca855b2df49

This was also mostly the situation with sqlite3.
The right thing to do would have been to enable the relevant
features in NetBSD rather than create a two-tier system where
databases are unreadable depending on the order of $PATH.

> I don't think any of these answers is right.  Mixing gssapi
> implementations is doomed to failure.  Instead, pkgsrc should have
> some way to request krb5/gssapi extensions.  And if the implementation
> chosen can't satisfy them, the package build should noisily fail.
> Builders can change the _treewide_ krb5/gssapi implementation choice
> in order to make this consistent.
> 
> For example, maybe something like:
> 
> GSSAPI_REQD+=	credstoreext
> .include "../../mk/krb5.buildlink3.mk"

+1

Follow-Ups:
- Re: kerberos is the new sqlite: disable, force mit, or ?
  - From: Taylor R Campbell

References:
- kerberos is the new sqlite: disable, force mit, or ?
  - From: Greg Troxel
- Re: kerberos is the new sqlite: disable, force mit, or ?
  - From: Taylor R Campbell

Prev by Date: Re: kerberos is the new sqlite: disable, force mit, or ?
Next by Date: security/libassuan2
Previous by Thread: Re: kerberos is the new sqlite: disable, force mit, or ?
Next by Thread: Re: kerberos is the new sqlite: disable, force mit, or ?
Indexes:

Home | Main Index | Thread Index | Old Index