söndag den 16 oktober 2011 klockan 15:22 skrev Simon Josefsson detta: > [email protected] (Alfred M. Szmidt) writes: > > > * Rework Kerberos support, separating Kerberos4 code > > from KerberosV code, and make proper implementation > > of Shishi code that works on all platforms we want > > to support. > > > > Maybe Simon could do this? Simon, do you have time? I'm not at all > > familiar with Kerberos. > > I don't have a lot of time, but I have some interest in seeing this > done. I think that we should drop all Kerberos 4 code. Nobody should > care about Kerberos 4 anymore since it is insecure (based on DES). The > Kerberos V5 stuff in InetUtils worked fine both with MIT/Heimdal/Shishi > not so long ago, but we could certainly improve documentation so that it > becomes easier to setup and test.
I attempted test builds on OpenSolaris, OpenBSD, and FreeBSD with activated kerberos support in the configuration, but I found some compilations errors that were due to the fact that macros and code did not properly distinguish between definitions and prototypes originating in Kerberos4 and in Kerberos5, respectively. I even believe the SHISHI macro was not without blame in this respect. These observations were the most discuraging I made. For certain I observed that the conditionals made implicit assumptions on the non-existance of header files from the excluded implementations. I will have to repeat the experiments to give exact locations or error messages, but I did invest several hours in reading headers on GNU/Linux, OpenBSD, and OpenSolaris, in order to begin understanding the cause of failures for the latter. On GNU/Linux I could build with support of either library, but I never got as far as checking the executables against the Kerberos server I have running under OpenBSD, since its tickets only concern secure shell access and PostgreSQL access, not telnet access as is relevent in GNU Inetutils. Best regads, Mats
