[Date Prev][Date Next]
Re: Q: Heimdal on RedHat
--On Tuesday, April 06, 2004 5:01 PM -0400 "Kirk A. Turner-Rustin"
On Tue, 6 Apr 2004, Frank Swasey wrote:
I have seen the mantra here so many times that one should always
compile OpenLDAP using the Heimdal libraries. However, on a RedHat
(Fedora or otherwise) system, the MIT libraries are so entertwined in
the os (SSL, SASL) that I'm wondering if anyone has crossed this bridge
before (or are you all like me and just continuing to use the MIT
libraries to this point) to compile OpenLDAP 2.1 on a RedHat system with
the heimdal libraries and how you managed it.
I can only state that, with the goal of building slapd without
MIT Kerberos, I tried rebuilding the OpenLDAP source RPM I'm using
(OL 2.1.25 + BDB 4.2.25 + 1 patch -- derived from Jehan's SRPM)
on RedHat 9 using --without-kerberos and failed (according to ldd)
to end up with a Kerberos-free slapd. I started fiddling with lib
paths and pragmas in the spec file but stopped when I saw (as you
have) that I'd have to rebuild other native packages like OpenSSL
and consequently deal with additional package dependencies.
If I want to continue to use RPM to manage my OL installations,
the only course seems to be (1) recursively rebuild and install
dependent packages without MIT Kerberos and with Heimdal, (2) hack
the OpenLDAP SRPM spec file to build from source and statically link
Heimdal and non-MIT versions of OpenSSL et al into the OpenLDAP RPMs,
or (3) live with MIT Kerberos for awhile (until Fedora Core 3?).
The goal really is to have an MIT Kerberos free cyrus-SASL and OpenLDAP.
If you are using SASL/GSSAPI binds, the whole things fails miserably if
cyrus-SASL has been built against the MIT libraries.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html