Syncing sshd/krb GetAFSToken change to Portable: help wanted
Darren Tucker
dtucker at zip.com.au
Sat Jan 10 11:11:59 EST 2004
Steven Michaud wrote:
>>Configure is probably going to be changed to use krb5-config [1]
>>(assuming it tests OK, hint hint) where available, and the current
>>plan will check for libkafs regardless of whether it's Heimdal or
>>MIT Kerberos. If that goes ahead, I think we should change
>>session.c to "#if defined(KRB5) && defined(AFS)" to cover the case
>>you describe.
>
>
> The MIT folks don't (apparently) want to make libkafs part of MIT
> Kerberos or use krb5-config to store its configuration (see
> http://mailman.mit.edu/pipermail/krbdev/2004-January/002139.html and
> following). Others (including myself) think these are good ideas,
> even if they end up being implemented by someone other than MIT. But
> both sides seem to agree that a port of Heimdal's libkafs to MIT
> Kerberos is desirable. So it will probably eventually happen
> ... though it's difficult to predict exactly _how_ it will happen
> ... or when :-)
Heimdal doesn't have libkafs in krb5-config either, I just moved the
kafs check when I was working on the krb5-config patch because otherwise
I would have had to duplicate the code.
> So your current plan will do no harm (presuming that your code doesn't
> assume that Heimdal's libkafs will work with MIT Kerberos). But I
> suspect it will have to be revised (at least a little) when/if a port
> of Heimdal's libkafs to MIT Kerberos 5 does appear.
As long as you don't have Heimdal's libkafs in the library path when
you're building with MIT it should be fine.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list