[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OPENLDAP_REL_ENG_2 -> 2.0.8

To: "Booker C. Bense" <bbense@networking.stanford.edu>
Subject: Re: OPENLDAP_REL_ENG_2 -> 2.0.8
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 24 Mar 2001 17:43:30 -0800
Cc: Michael Ströder <michael@stroeder.com>, "openldap-devel@OpenLDAP.org" <openldap-devel@OpenLDAP.org>
In-reply-to: <Pine.GSO.4.33.0103241625050.12334-100000@shred.stanford.ed u>
References: <3ABA8491.3F3FFA6B@stroeder.com>

As far as I'm concerned, OpenLDAP's direct support for
Kerberos IV {kbind and "{KERBEROS}") is "unsupported".
One of these days I might even rip it out completely...
as Cyrus SASL supports KERBEROS_IV and PAM, that day
might come soon.
        - Kurt

At 04:44 PM 3/24/01 -0800, Booker C. Bense wrote:
>On Fri, 23 Mar 2001, Michael [iso-8859-1] Ströder wrote:
>
>> Another one (with Kerberos enabled):
>>
>> cc -I/usr/local/sasl/include -I/usr/local/krb5/include -O2 -g
>> -I../../include        -I../../include   -I/usr/local/sasl/include
>> -I/usr/local/krb5/include -O2 -g     -c -o auth.o auth.c
>> In file included from auth.c:37:
>> ud.h:269: conflicting types for `des_string_to_key'
>> /usr/local/krb5/include/kerberosIV/des.h:142: previous declaration
>> of `des_string_to_key'
>
>
>- For whatever reason, the k4 des emulation library in MIT's krb5
>code has the same function names, but different prototypes for
>some of the des library routines. I think this is a bug in the
>MIT code and will be submitting patches.
>
>- All I can suggest for now is to use KTH's krb4 libraries
>for the k4 stuff. Unless you are using the k4 SASL method,
>the kerberos 4 support in the original Umich code should
>be deprecated if at all possible. If you really want to try
>and accomodate this brokeness in the MIT libraries, I would
>suggest looking into the configure.in section and setting
>some ifdef such as
>
>#define BROKEN_MIT_DES
>
>- You can tell the MIT stuff since it is the only one that
>puts krb.h in include/kerberosIV.
>
>
>> auth.c: In function `krbgetpass':
>> auth.c:368: warning: passing arg 2 of `des_string_to_key' from
>> incompatible pointer type
>> make[2]: *** [auth.o] Error 1
>> make[2]: Leaving directory
>> `/home/michael/src/openldap2-dev/ldap/clients/ud'
>> make[1]: *** [all-common] Error 1
>> make[1]: Leaving directory
>> `/home/michael/src/openldap2-dev/ldap/clients'
>> make: *** [all-common] Error 1
>>
>
>- On a secondary note: It's less than ideal for ud to be asking for a
>password to get a kerberos tgt. While there is no technical reason not
>to, going from password to tgt is where K4 gets ugly. Better to
>confine that nastiness to the kinit program that comes with the
>kerberos code than to try and duplicate it in ud. This is standard
>practice with most of the various unix kerberos clients such as telnet
>and rlogin.
>
>- Booker C. Bense

Follow-Ups:
- Re: OPENLDAP_REL_ENG_2 -> 2.0.8
  - From: wes@umich.edu

References:
- Re: OPENLDAP_REL_ENG_2 -> 2.0.8
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: OPENLDAP_REL_ENG_2 -> 2.0.8
Next by Date: Migration scripts in 2.07 and schemas
Index(es):
- Chronological
- Thread