Pending OpenSSH release: contains Kerberos/GSSAPI changes

sxw at sxw at
Thu Jan 22 22:32:58 EST 2004

[ follow-ups trimmed ]

On 22 Jan 2004, Damien Miller wrote:
> On Thu, 2004-01-22 at 20:00, Harald Barth wrote:
> > > Changes in -Portable only
> > >   - (dtucker) Only enable KerberosGetAFSToken if Heimdal's libkafs
> > >     is found.  with jakob@	
> > 
> > I see a potential for circular depend confusion: I need OpenSSL
> > installed to get some libraries that Heimdal needs and I need Heimdal
> > installed to get some libraries that OpenSSL needs? Has anyone tested
> > this on a clean system?
> What does OpenSSL need from Heimdal?

Recent OpenSSLs contain support for kerberising the SSL handshake 
as specified in RFC2712. 

You can get around the build dependencies by:
1) Build OpenSSL w/o Kerberos support
2) Build Heimdal
3) Build OpenSSL with Kerberos support (if you really need it!)

It's also important to note that the Kerberos dependencies are only in 
libssl. If you're only using libcrypto (as I believe both Heimdal and 
OpenSSH do), you shouldn't be affected at all.



More information about the openssh-unix-dev mailing list