Syncing sshd/krb GetAFSToken change to Portable: help wanted

Darren Tucker dtucker at
Sat Jan 10 11:11:59 EST 2004

Steven Michaud wrote:

>>Configure is probably going to be changed to use krb5-config [1]
>>(assuming it tests OK, hint hint) where available, and the current
>>plan will check for libkafs regardless of whether it's Heimdal or
>>MIT Kerberos.  If that goes ahead, I think we should change
>>session.c to "#if defined(KRB5) && defined(AFS)" to cover the case
>>you describe.
> The MIT folks don't (apparently) want to make libkafs part of MIT
> Kerberos or use krb5-config to store its configuration (see
> and
> following).  Others (including myself) think these are good ideas,
> even if they end up being implemented by someone other than MIT.  But
> both sides seem to agree that a port of Heimdal's libkafs to MIT
> Kerberos is desirable.  So it will probably eventually happen
> ... though it's difficult to predict exactly _how_ it will happen
> ... or when :-)

Heimdal doesn't have libkafs in krb5-config either, I just moved the 
kafs check when I was working on the krb5-config patch because otherwise 
I would have had to duplicate the code.

> So your current plan will do no harm (presuming that your code doesn't
> assume that Heimdal's libkafs will work with MIT Kerberos).  But I
> suspect it will have to be revised (at least a little) when/if a port
> of Heimdal's libkafs to MIT Kerberos 5 does appear.

As long as you don't have Heimdal's libkafs in the library path when 
you're building with MIT it should be fine.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list