On Sat, Nov 17, 2001 at 11:40:51AM +0000, Simon Wilkinson
wrote:> [...]
> Thanks for these. Unfortunately, your vrs patches seem to be based on
> an earlier version of my patch than the one you're bundling. In
particular,
> your patch adds back in the incorrect replay cache code (it uses the wrong
> cache name), and takes out the use_uid calls that are necessary to make
> verify_init_creds() work correctly. It also adds back in the xfree() calls
> in auth1.c that I removed - these have to be removed to make it work
reliably.
I'm sorry not to have responded before now - I took last week off.
It looks like you're right. I had intended to combine your later krb5
patch with your auth1.c patch, and then #ifdef out the parts that couldn't
be easily reconciled with krb5 1.0.6.
> I am right in thinking that the basic change that is required is to
> conditionally remove auth_krb5_password (or just make it a stub that
> does nothing useful) if built against old MIT Kerberoses?
Yes, because auth_krb5_password needs get_, verify_init_creds(), which
are missing in krb5 1.0.6.
> Finally there are a couple of patches to the rijandel code that don't
seem
> related?
Some time back I had problems with the u8/u16/u32 unsigned typedefs
in openssl rijndael/rd_fst.h getting redefined. I think this only
happened in the openssl applications (some subset of lynx, w3m, curl,
and stunnel)... and looking at my application patches all I see is
stunnel. So why didn't I just patch stunnel instead of mucking with
the main code? I'm not sure, but I think there was a reason.
I'm overdue to update the kssl patches. I should probably revert to
the original rd_fst.h and revisit this.
--
"My company prefers to have that kind of decision made by
uninformed executives. We call it "Empowerment".
--Dilbert
staatsvr at asc.hpc.mil
Vern Staats, ASC/HPTS, WPAFB OH 45433, 937-255-1616x449