[5295] in Kerberos
Re: K5B5 krb524
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue May 30 14:57:54 1995
Date: Tue, 30 May 1995 14:40:54 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: u751@sas-hp.nersc.gov
Cc: kerberos@MIT.EDU
In-Reply-To: Jonathan Brown's message of 25 May 1995 17:36:08 GMT,
<3q2f68$mb8@cronkite.nersc.gov>
Date: 25 May 1995 17:36:08 GMT
From: u751@sas-hp.nersc.gov (Jonathan Brown)
I tried to build krb524 for Kerberos 5 beta 5. The compiler complained
about cnv_tkt_skey.c because a number of function calls are missing the
new context argument. Also, there is no configure script. Has anyone
fixed this yet, or will it be done soon?
As the README says, krb524 is no longer supported, because with one
exception, every use of the krb524 library which I know of has been a
mistake. If you need to use the krb524 library, there's almost
certainly something wrong with your design.
All the krb524 library does is allow programs which were written to the
Kerberos V4 API to compile using a Kerberos V5 protocol with some
wrappers around it. However, the way the Kerberos V5 messages are
wrapped "on the wire" is not standard, and is not intended to be. So
for anything that you intend to be long-term interoperable or use a
standard application protocol, I strongly discourage the use of the
krb524 library. You should simply make the investment of time necessary
to port your libraries to use either (a) the Kerberos V5 API or (b) the
GSSAPI.
If what you want is to use the Kerberos V4 *protocol*, then the krb524
library is the ***wrong*** library to use. There have been a number of
people who have tried to use it for that, and complained and sent in bug
fixes when it didn't do what they expected it to do. If you want to use
the Kerberos V4 protocol (for example to talk to AFS), then use a real
Kerberos V4 library. One is now bundled into the latest version of
Kerberos V5 Beta 5.
- Ted
