# Building www/chromium with MIT kerberos



## zirias@ (Apr 18, 2016)

Hi all,

for my new system, I don't want to use openssl from base. I left it there because of all kinds of problems without it (starting with fetch being unable to fetch from https) but make sure it isn't used by ports and therefore also left out the heimdal kerberos.

Now trying to build www/chromium (with standard options, which includes kerberos) failed, missing a gssapi header. In order to fulfill all kerberos dependencies with MIT kerberos, I already have this in my make.conf:

```
OPTIONS_UNSET=          GSSAPI_BASE
OPTIONS_SET=            GSSAPI_MIT
```
Unfortunately, www/chromium only provides a simple KERBEROS option. It seems to work now with this:

```
.if ${.CURDIR:M*/www/chromium}
KERBEROS_LIB_DEPENDS=   libgssapi_krb5.so:security/krb5
.endif
```
 It's still building but looks good so far. But I don't think this is a good solution. Probably, www/chromium should be extended to support the GSSAPI_* options. I'd like to give that a try, but have a question about it: On a system with the standard base, that includes kerberos, how would you prevent it from linking against it when GSSAPI_BASE is unset?


----------



## zirias@ (Apr 18, 2016)

Hm after successful build and installation, I found chromium dlopens the gssapi lib with a configurable library filename, so it's probably the correct thing that www/chromium doesn't support the GSSAPI_* options -- and I should change my workaround to a BUILD dependency on gssapi.h:

```
.if ${.CURDIR:M*/www/chromium}
KERBEROS_BUILD_DEPENDS=   ${LOCALBASE}/include/gssapi/gssapi.h:security/krb5
.endif
```
Or would it be acceptable to use the GSSAPI_* options for build-time only when stating that clearly in the options' descriptions?


----------

