Bug#656434: Openssh compiled with heimdal as kerberos library

[Russ Allbery]

Anton Lundin  writes:
> On 24 February, 2012 - Colin Watson wrote:

>> Is there no other way?

> Pretty off topic but anyway...

> I had an idea a couple of months ago to write a "stub" gss-library that
> wraps either heimdal, mit or any other gss/kerberos implementation and
> chooses which library to load and call based on a config file.

This is what libgssglue is.  The question is: does it export enough of the
non-standard interfaces to let ssh do all the things it wants to do?  It
was fairly limited the last time I looked at it.

-- 
Russ Allbery (r...@debian.org)   



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#656434: Openssh compiled with heimdal as kerberos library

[Anton Lundin]

On 24 February, 2012 - Colin Watson wrote:
> 
> Is there no other way?

Pretty off topic but anyway...

I had an idea a couple of months ago to write a "stub" gss-library that
wraps either heimdal, mit or any other gss/kerberos implementation and
chooses which library to load and call based on a config file.

This way you could link against that library and later on as a
configuration choose which gss-library to use.

I don't know of any c-libraries that does this, but on example is how
the python package anyjson handles different json libraries.

-- 
Anton Lundin+46702-161604



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#656434: Openssh compiled with heimdal as kerberos library

[Colin Watson]

On Thu, Jan 19, 2012 at 11:32:44AM +0100, Anton Lundin wrote:
> I would love to be able to use GSSAPIClientIdentity to switch between
> diffrent gss identities in my KRB5CC.
> If openssh with Simon Wilkinson's GSS-patches ( who debian already 
> uses ) is compiled against heimdal it works.
> 
> I sugest creating separate packages for MIT-krb5 version and heimdal
> version of openssh, something like how libpam-krb5 vs. libpam-heimdal is
> handled.

This is exactly the kind of thing I was hoping to avoid when integrating
the Kerberos patch into the Debian openssh packages.  Creating separate
packages at the application level doesn't scale at all; what happens
when there's another feature people want two builds for (now we have
four packages), or another (now we have eight)?

Is there no other way?

-- 
Colin Watson   [cjwat...@debian.org]



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#656434: Openssh compiled with heimdal as kerberos library

[Anton Lundin]

Package: openssh-client
severity: wishlist

I would love to be able to use GSSAPIClientIdentity to switch between
diffrent gss identities in my KRB5CC.
If openssh with Simon Wilkinson's GSS-patches ( who debian already 
uses ) is compiled against heimdal it works.

I sugest creating separate packages for MIT-krb5 version and heimdal
version of openssh, something like how libpam-krb5 vs. libpam-heimdal is
handled.

-- 
Anton Lundin



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org