Syncing sshd/krb GetAFSToken change to Portable: help wanted

Darren Tucker dtucker at
Fri Jan 9 19:40:47 EST 2004

Steven Michaud wrote:

> Let's try this again ... this time with a subject line :-)
> I haven't (yet) tried your patch, but here's some information you may
> find useful:
> There exists a "krbafs" library, which is in effect a port of KTH
> Kerberos's libkafs to MIT Kerberos V
> (  But KTH-krb is (of course) a
> clone of Kerberos 4, so libkrbafs requires Kerberos 4 credentials.
> (I've only built krbafs on OS X, and its "home page" is directed
> towards users of OS X.  But krbafs should in principle work on other
> platforms, and several different RPM versions of it are available --
> e.g.
> Eventually someone may port Heimdal's libkafs to MIT Kerberos V.  But
> until that happens I'd just wrap your new code inside #ifdef HEIMDAL
> blocks.

Thanks.  At the moment, the code in session.c is inside "#if 
defined(HEIMDAL) && defined(AFS)", and configure only test for libkafs 
if it detects Heimdal.

Configure is probably going to be changed to use krb5-config [1] 
(assuming it tests OK, hint hint) where available, and the current plan 
will check libkafs for regardless of whether it's Heimdal or MIT 
Kerberos.  If that goes ahead, I think we should change session.c to 
"#if defined(KRB5) && defined(AFS)" to cover the case you describe.


Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list