I have made a bit of progress since I compiled
krb5-1.2.6.
./configure --with-cc=gcc --without-krb4 --disable-dns-for-kdc
It would be nice if there was an option to just
compile client stuff.
The resolv library problem went away. I don't know
if that was a change to krb5 or to cygwin. Bison
problems also went away.
Still need to add
#include <errno.h>
to src/util/ss/ss_internal.h, otherwise the
linker gives _errno errors.
I didn't have libutil installed when I did the
configure and I found I needed to add -lutil to
the link of login.krb5 in src/appl/bsd.
After that everything seemed to work (against an
AD KDC). I tried kinit, klist and telnet -a.
It seemed to create the file in /tmp with
appropriate NTFS security restrictions.
Next I successfully compiled kerberized ssh. Now
I can ssh without mucking with ssh keys everywhere.
It would also be nice if openssh had an option for
only compiling client stuff. Now I only need to
integrate ms2mit and I'll be in SSO heaven
[naturally ms2mit doesn't put the mit tgt in the
right place for cygwin]
I suspect that the client parts of krb5 and
openssh don't require all that cygwin heavy
lifting and could be compiled with mingw with
a bit of effort.
Given that kerberos is a unifying feature linking
windows and unix it would be nice to see kerberos
and kerberized apps in cygwin.
Bob