[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OPENLDAP_REL_ENG_2 -> 2.0.8
As far as I'm concerned, OpenLDAP's direct support for
Kerberos IV {kbind and "{KERBEROS}") is "unsupported".
One of these days I might even rip it out completely...
as Cyrus SASL supports KERBEROS_IV and PAM, that day
might come soon.
- Kurt
At 04:44 PM 3/24/01 -0800, Booker C. Bense wrote:
>On Fri, 23 Mar 2001, Michael [iso-8859-1] Ströder wrote:
>
>> Another one (with Kerberos enabled):
>>
>> cc -I/usr/local/sasl/include -I/usr/local/krb5/include -O2 -g
>> -I../../include -I../../include -I/usr/local/sasl/include
>> -I/usr/local/krb5/include -O2 -g -c -o auth.o auth.c
>> In file included from auth.c:37:
>> ud.h:269: conflicting types for `des_string_to_key'
>> /usr/local/krb5/include/kerberosIV/des.h:142: previous declaration
>> of `des_string_to_key'
>
>
>- For whatever reason, the k4 des emulation library in MIT's krb5
>code has the same function names, but different prototypes for
>some of the des library routines. I think this is a bug in the
>MIT code and will be submitting patches.
>
>- All I can suggest for now is to use KTH's krb4 libraries
>for the k4 stuff. Unless you are using the k4 SASL method,
>the kerberos 4 support in the original Umich code should
>be deprecated if at all possible. If you really want to try
>and accomodate this brokeness in the MIT libraries, I would
>suggest looking into the configure.in section and setting
>some ifdef such as
>
>#define BROKEN_MIT_DES
>
>- You can tell the MIT stuff since it is the only one that
>puts krb.h in include/kerberosIV.
>
>
>> auth.c: In function `krbgetpass':
>> auth.c:368: warning: passing arg 2 of `des_string_to_key' from
>> incompatible pointer type
>> make[2]: *** [auth.o] Error 1
>> make[2]: Leaving directory
>> `/home/michael/src/openldap2-dev/ldap/clients/ud'
>> make[1]: *** [all-common] Error 1
>> make[1]: Leaving directory
>> `/home/michael/src/openldap2-dev/ldap/clients'
>> make: *** [all-common] Error 1
>>
>
>- On a secondary note: It's less than ideal for ud to be asking for a
>password to get a kerberos tgt. While there is no technical reason not
>to, going from password to tgt is where K4 gets ugly. Better to
>confine that nastiness to the kinit program that comes with the
>kerberos code than to try and duplicate it in ud. This is standard
>practice with most of the various unix kerberos clients such as telnet
>and rlogin.
>
>- Booker C. Bense