I note with interest that Kerberos support is now available (for the version
1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT
Kerberos, due to the usual Heimdal/MIT library differences. These look, by
and large, like the same problems I encountered when porting Dan Kouril's
patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches
need to use the KRB5 define too :-)

If I package these fixes up and submit them, is there any likelihood of them
making it into the portable code (suitably #ifdef'd, of course)?

Cheers,

Simon.
--
Simon Wilkinson <simon at sxw.org.uk> http://www.sxw.org.uk
"I have never made but one prayer to God, a very short one: 'O Lord, make my
enemies ridiculous.' And God granted it" - Voltaire

Sure..

- Ben

On Thu, 27 Sep 2001, Simon Wilkinson wrote:

>
> I note with interest that Kerberos support is now available (for the version
> 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT
> Kerberos, due to the usual Heimdal/MIT library differences. These look, by
> and large, like the same problems I encountered when porting Dan Kouril's
> patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches
> need to use the KRB5 define too :-)
>
> If I package these fixes up and submit them, is there any likelihood of them
> making it into the portable code (suitably #ifdef'd, of course)?
>
> Cheers,
>
> Simon.
> --
> Simon Wilkinson <simon at sxw.org.uk> http://www.sxw.org.uk
> "I have never made but one prayer to God, a very short one: 'O Lord, make my
> enemies ridiculous.' And God granted it" - Voltaire

Simon Wilkinson <simon at sxw.org.uk> writes:

> I note with interest that Kerberos support is now available (for the version
> 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT
> Kerberos, due to the usual Heimdal/MIT library differences. These look, by
> and large, like the same problems I encountered when porting Dan Kouril's
> patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches
> need to use the KRB5 define too :-)
>
> If I package these fixes up and submit them, is there any likelihood of them
> making it into the portable code (suitably #ifdef'd, of course)?

Please get the MIT people, Heimdal people and the Kerberos community to
define and implement a common API instead. Maintaining #ifdefs is a RPITA.

--
--- Hans Insulander <hin at stacken.kth.se>, SM0UTY -----------------------
Lazy bum bum slacker -- Theo de Raadt

Look in the Linux-PAM CVS repository at SourceForge.

In the devl branch of the PAM_KRB5 module you'll find some Heimdal/MIT
compatibility shims. This module is dual licensed, GPL/BSD (or will be
soon -- I think the devl COPYRIGHT file has the MIT license currently).

Nico

On Thu, Sep 27, 2001 at 01:34:15AM +0100, Simon Wilkinson wrote:

>
> I note with interest that Kerberos support is now available (for the version
> 1 protocol, at least) in OpenSSH 2.9.9p2. However, it does not build with MIT
> Kerberos, due to the usual Heimdal/MIT library differences. These look, by
> and large, like the same problems I encountered when porting Dan Kouril's
> patch to MIT Kerberos - so I'm having a go at fixing them (my GSSAPI patches
> need to use the KRB5 define too :-)
>
> If I package these fixes up and submit them, is there any likelihood of them
> making it into the portable code (suitably #ifdef'd, of course)?
>
> Cheers,
>
> Simon.
> --
> Simon Wilkinson <simon at sxw.org.uk> http://www.sxw.org.uk
> "I have never made but one prayer to God, a very short one: 'O Lord, make my
> enemies ridiculous.' And God granted it" - Voltaire