[16530] in Kerberos_V5_Development
Re: Linking problem with Kerberos for Windows & mod_auth_kerb.
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Tue Dec 7 11:58:07 2010
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: krbdev@mit.edu
Message-ID: <4CFE6794.8000106@secure-endpoints.com>
Date: Tue, 07 Dec 2010 11:57:56 -0500
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: krbdev@mit.edu
In-Reply-To: <1291740263.1761.60.camel@eurocis-laptop>
Reply-To: jaltman@secure-endpoints.com
Content-Type: multipart/mixed; boundary="===============1378112328=="
Errors-To: krbdev-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1378112328==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig465B7BEF489070960970AB99"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig465B7BEF489070960970AB99
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 12/7/2010 11:44 AM, Fr=C3=A9d=C3=A9ric Dubois wrote:
> Jeffrey,
>=20
> Thank you very much for the answer.
>=20
> That was my conclusion but since the apache module with the same source=
s
> compiles perfectly on Linux I thought it was something else (like wrong=
> compilation or linking options).
>=20
> So now I'm gonna focus on convincing my manager that Linux is a better
> option than Windows ;o)
>=20
> Thanks,
>=20
> Fred
The better question is why does mod_auth_kerb require use of
private interfaces. This is an important question to answer
because if and when the private replay cache interface is
modified as part of an upgrade, mod_auth_kerb on Linux is going to break.=
There is no reason that I am aware of for an application to be calling
those functions directly. In fact, reading the source to mod_auth_kerb
5.4 it looks like the author has gone far out of his way to disable the
use of replay caches by substituting his own implementation for MIT's.
The code references MIT 1.3.3. That was a long time ago. I'm not even
sure that the hack that is in place would work in a world with dynamic
libraries on Linux.
The hack is only active when the Kerberos implementation is MIT.
Another option is to build with Heimdal.
Jeffrey Altman
--------------enig465B7BEF489070960970AB99
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJM/meWAAoJENxm1CNJffh4RgQH/0ZJvEyH3fUF6TIg2pJA1r4h
G5nppRcb+gYtoBicTsqCvuBysYDs3ewncd6SPBIziZcQr3P7fRWG6sFVKtd5DiNj
1hhqVkvkiQ095/CoZaCwlXmlFR8YvE2qYNUs2ippjHl95PenZClmY//uoao8VmiM
UpgiY+2YGxk08EhZ0JzWmx355nJJuyntfaKYI5Ra21s268ADILM8SKC4PIP9gCqN
iff5xXN1Ssc9uZ8wxJjeIUBI7V3xCp7inYFibMdzb5BBtoLEivgeMOdLLd56Olwk
vdWAUy7DQbww4BzUfFFGVYouUwrS2wbmfWSfofneKgXjhKyZ1/KHe8N8FQ4Ivms=
=8g/S
-----END PGP SIGNATURE-----
--------------enig465B7BEF489070960970AB99--
--===============1378112328==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
--===============1378112328==--
