[31517] in CVS-changelog-for-Kerberos-V5
krb5 commit: Don't load PKINIT if it was disabled in the build
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Fri Apr 10 20:27:06 2026
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20260411002701.3D228104AE2@krbdev.mit.edu>
Date: Fri, 10 Apr 2026 20:27:01 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/76856efb87d7b11fd5d05680e25b41a58c0e06c7
commit 76856efb87d7b11fd5d05680e25b41a58c0e06c7
Author: Michael Osipov <michael.osipov@innomotics.com>
Date: Wed Feb 25 13:56:00 2026 +0100
Don't load PKINIT if it was disabled in the build
Commit e362c356eafb49a9d90a4f20c6668682d4f50222 added trace logging
for errors loading plugin modules. For a build with PKINIT disabled,
this change has the unfortunate side effect of adding many "unable to
load plugin" messages to the trace log. Conditionalize
auto-registering PKINIT on it being enabled in the build.
[ghudson@mit.edu: added similar conditional to kdc_preauth.c; edited
commit message]
src/kdc/kdc_preauth.c | 4 +++-
src/lib/krb5/krb/preauth2.c | 2 ++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 3752be6a4..99a7a137a 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -126,9 +126,11 @@ get_plugin_vtables(krb5_context context,
*vtables_out = NULL;
*n_tables_out = *n_systems_out = 0;
- /* Auto-register encrypted challenge and (if possible) pkinit. */
+ /* Auto-register built-in modules. */
+#ifndef DISABLE_PKINIT
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "pkinit",
"preauth");
+#endif
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "otp",
"preauth");
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "spake",
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index b5ef6c616..e199f50f9 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -130,8 +130,10 @@ k5_init_preauth_context(krb5_context context)
return;
/* Auto-register built-in modules. */
+#ifndef DISABLE_PKINIT
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "pkinit",
"preauth");
+#endif /* not DISABLE_PKINIT */
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "spake",
"preauth");
k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH,
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
