OPenAFS and OpenSSH replacing kafs

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Mar 2 08:25:08 EST 2004



On Sun, 29 Feb 2004, Sergio Gelato wrote:

> * Ben Lindstrom [2004-02-28 18:36:03 -0600]:
> > I have patches for OS/X to compile.  I'll work on finalizing this because
> > some of this needs to go upstream (I plan on gutting  the krb5_init_ets()
> > since it is a private API and is not needed on most systems).  I need to
> > track down why extactly zlib.h hates being where it is, but this at least
> > is a workaround.
>
> The Kerberos framework includes <TargetConditionals.h> which defines
> TARGET_OS_MAC, and /usr/include/zconv.h inexplicably suppresses the
> "typedef unsigned char Byte;" line in that case. Looks like a simple
> case of broken headers. For my builds I'll just copy zlib.h and zconv.h
> to the build directory, patch the copy of zconv.h and continue. Your
> solution of including zlib.h before krb5.h is probably also OK as a
> workaround.

If this is a real bug in the headers.  Then apple should be informed and
they should correct the issue.

> Your patches seem to be missing the SessionCreate() calls to the
> Security framework (the moral equivalent to setpag() I believe).
> Also, Michaud's patch was using the CCache API to manage the Kerberos
> credentials when linking against the Kerberos framework. That sort of
> detail could make the difference between "compiles" and "works". But
> we'll see; I'll try to find time to work on this on Monday.
>

This is a separate issue.  If you look at the Apple source code it is an
optional patch for CCache API.  Unless Apple has stripped out the other
forms of fetching creditionals.

I have no quarms importing CCache API if one is presented to me.  Just not
sure I liked the way Apple did it.  But I only took a few moments glance
at it.

- Ben




More information about the openssh-unix-dev mailing list