[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos 5 Support for OpenLDAP-release

On Tue, 28 Sep 1999, Kurt D. Zeilenga wrote:

> Booker Bense wrote:
> > 
> > On Thu, 23 Sep 1999, Kurt D. Zeilenga wrote:
> > 
> > > Booker Bense wrote:
> > > > - When I was messing around with this I found that there is
> > > > a problem building it with the MIT K5 kerberos4 libraries.
> > > > It looks like a simple fix, just seems to be some libraries
> > > > missing on the compile line. I think it's just a matter of
> > > > adding -lcrypto and -lcom_err to the K5 library list. I'll
> > > > try it and see what happens.
> > >
> > > This is the second area I meantioned needing work.  A
> > > developer(s) with a good knowledge of various Kerberos
> > > (K4, K5, KTH, whatever) releases needs to sort out the
> > > build system...  I'm quite willing to provide autoconf help.
> > >
> > 
> > - Well, I tested it and if you add -lcrypto and -lcom_err for the MIT
> > K5 k4 libraries, it compiles and works. I haven't had the
> > chance to look at the appropriate changes for configure.in yet.
> Are -lcrypto and -lcom_err both MIT K5 distribution libraries?

- Yes. They are pretty much required to compile anything with -lkrb5. 

> Is -lcom_err the same as FreeBSD's -lcom_err ?
> 	http://www.openldap.org/software/man.cgi?query=com_err

- I'm pretty sure they are. I think K5 includes this because it's
not usually available in most OS's. The com_err routine in K5 
behaves exactly as described in that man page. 

> We link with this library under FreeBSD when we use -lfetch (URL
> fetching)... so I wonder about compatibility.

- They look identical to me, but I don't run FreeBSD so I can
be 100% about it. Ken Raeburn's name is on both sets of bits
so I suspect they are compatible. 

> > - What other environments are you trying to make it work for?
> Well, I'd like it to work for the environments that you
> and other contributors need it to work for.  That is, I am
> willing to integrate code for any environment to which
> someone is willing to support (ie: development/maintain).
> > I'd guess the only remaining one is KTH. I suspect that will
> > require a few ifdef's due to their slightly different API.
> What about AFS Kerberos?

- GACK, is anybody really using that? It's a rat's nest that
should be avoided at all costs. Most AFS sites that I know
about use some version of the last Cygnus K4 source code
release as their K4 libraries. Getting things to compile
with the AFS k4 libraries is often tricky as there are lot's
of old UCB calls in the code. On Solaris 2.5.1 and 2.6 you
have to be very careful with the order of library loading
in order to get binaries that don't core dump randomly.
I suspect it would lead into a configure nightmare.  

> > ( The changes are trivial, but oh so annoying... ).
> Yes.  I'd like to localize this as much as possible...

- I'm willing to give the KTH version a try. 

- Booker C. Bense