[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OPENLDAP_REL_ENG_2 -> 2.0.8

To: Michael Ströder <michael@stroeder.com>
Subject: Re: OPENLDAP_REL_ENG_2 -> 2.0.8
From: "Booker C. Bense" <bbense@networking.stanford.edu>
Date: Sat, 24 Mar 2001 16:44:47 -0800 (PST)
Cc: "openldap-devel@OpenLDAP.org" <openldap-devel@OpenLDAP.org>
In-reply-to: <3ABA8491.3F3FFA6B@stroeder.com>

On Fri, 23 Mar 2001, Michael [iso-8859-1] Ströder wrote:

> Another one (with Kerberos enabled):
>
> cc -I/usr/local/sasl/include -I/usr/local/krb5/include -O2 -g
> -I../../include        -I../../include   -I/usr/local/sasl/include
> -I/usr/local/krb5/include -O2 -g     -c -o auth.o auth.c
> In file included from auth.c:37:
> ud.h:269: conflicting types for `des_string_to_key'
> /usr/local/krb5/include/kerberosIV/des.h:142: previous declaration
> of `des_string_to_key'


- For whatever reason, the k4 des emulation library in MIT's krb5
code has the same function names, but different prototypes for
some of the des library routines. I think this is a bug in the
MIT code and will be submitting patches.

- All I can suggest for now is to use KTH's krb4 libraries
for the k4 stuff. Unless you are using the k4 SASL method,
the kerberos 4 support in the original Umich code should
be deprecated if at all possible. If you really want to try
and accomodate this brokeness in the MIT libraries, I would
suggest looking into the configure.in section and setting
some ifdef such as

#define BROKEN_MIT_DES

- You can tell the MIT stuff since it is the only one that
puts krb.h in include/kerberosIV.


> auth.c: In function `krbgetpass':
> auth.c:368: warning: passing arg 2 of `des_string_to_key' from
> incompatible pointer type
> make[2]: *** [auth.o] Error 1
> make[2]: Leaving directory
> `/home/michael/src/openldap2-dev/ldap/clients/ud'
> make[1]: *** [all-common] Error 1
> make[1]: Leaving directory
> `/home/michael/src/openldap2-dev/ldap/clients'
> make: *** [all-common] Error 1
>

- On a secondary note: It's less than ideal for ud to be asking for a
password to get a kerberos tgt. While there is no technical reason not
to, going from password to tgt is where K4 gets ugly. Better to
confine that nastiness to the kinit program that comes with the
kerberos code than to try and duplicate it in ud. This is standard
practice with most of the various unix kerberos clients such as telnet
and rlogin.

- Booker C. Bense

References:
- Re: OPENLDAP_REL_ENG_2 -> 2.0.8
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: New in Ldap
Next by Date: Re: OPENLDAP_REL_ENG_2 -> 2.0.8
Index(es):
- Chronological
- Thread