[17215] in Kerberos_V5_Development
Re: [PATCH] Make krb5-config suppress CFLAGS output and omit extra
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Sep 26 12:35:49 2011
From: Russ Allbery <rra@stanford.edu>
To: Sam Hartman <hartmans@mit.edu>
In-Reply-To: <tslehz3qnsg.fsf@mit.edu> (Sam Hartman's message of "Mon, 26 Sep
2011 12:19:27 -0400")
Date: Mon, 26 Sep 2011 09:35:45 -0700
Message-ID: <87ty7ztg66.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Sam Hartman <hartmans@mit.edu> writes:
>>>>>> "Russ" == Russ Allbery <rra@stanford.edu> writes:
> Russ> symbols available. The interface is pretty clearly defined
> Russ> ("GSSAPI application with Kerberos 5 bindings"), and clients
> Russ> should be running both krb5-config --libs gssapi and
> Russ> krb5-config --libs krb5 and combining them. (That's what my
> Russ> applications that need both already do.) There may be some
> Russ> build system breakage for people who did the wrong thing, but
> Russ> it's a lot cleaner as an interface.
> Russ, unless there is more text than what you quoted above defining the
> interface, that's quite unclear to me. More or less all the
> applications I'm aware of that have GSSAPI and explicitly want Kerberos
> 5 bindings plan to do Kerberos specific things. If the interface was
> "Generic portable GSS-API application," I would expect the behavior you
> describe.
> My point is that to me as someone who has worked on this for a while
> it's unclear whether "Kerberos 5 bindings" in a GSS application implies
> krb5 symbols available or not.
It never would have occurred to me to read it that way. The way I always
read it was that functions like gss_krb5_ccache_name() were also available
(so not just a generic portable GSS-API application, but also ones that
specifically expect GSS-API with Kerberos bindings), and one could assume
Kerberos support in the GSS-API library. I wouldn't expect to have
functions that weren't part of the GSS-API at all, like
krb5_get_init_creds_password.
It's certainly possible, though, that this is only "obvious" from my
particular angle of approach.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
