On 2001.06.20, in <[EMAIL PROTECTED]>,
"Brendan Cully" <[EMAIL PROTECTED]> wrote:
>
> yeah, don't use kerberos 1.0 with openssl. There's a namespace
> collision on the crypto library. If you can't upgrade your kerberos,
> you could try merging the openssl and krb5 crypto libraries into one
> (as advised by whoever added the old MIT detection code to configure.in),
I recommend upgrading your Kerberos intstallation, esp. since (iirc)
there's at least one major security-related flaw in 1.0.6. At one
time, though, that was not feasible for me, so I understand that it
might not be for others. In that case, I suggest the workaround
described in configure.in in case (like me) you have multiple projects
that will want Kerberos and SSL.
> or renaming the kerberos crypto library to k5crypto.
... but this is obviously simplest, and preferable if you're more
comfortable with copying/renaming important library files than with
archiving and unarchiving them, or if you're concerned with the purity
of shared objects. :) However, if you're using shared versions of the
k5 libraries, be sure that renaming libcrypto.so doesn't invalidate the
dynamic loading of other programs that are already compiled against
your Kerberos libcrypto.so.
--
-D. [EMAIL PROTECTED] NSIT University of Chicago
