Using Solaris 10 built in Kerberos support with Kerberos application

[Wyllys Ingersoll]

Douglas E. Engert wrote:

>
> *What I would like to ask SUN is to include the krb5.h and its friends 
> with the
> Solaris 10 base system.*


We are well aware of your desire for these headers to be included in the 
base OS :)
We have heard it from many customers, actually.

>
> I have managed to get qpop-4.0.5 and OpenAFS-1.4.0-RC1 aklog to 
> compile and run
> using this krb5.h with some modification, and the MIT-1.4.1 profile.h 
> and com_err.h.
>
> Some problems along the way:
>
> o mech_krb5.so has most of the Kerberos routines and can be used as a 
> shared
> library, but is clumsy to link as its not a "libxxx"


Yes, inconvenient, but not difficult to overcome with proper linker 
options at
build time.

>
> o The opensolaris krb5.h is not guaranteed to match the mech_krb5.so

Correct.

>
> o The krb5.h refers to profile.h which is not supplied.
>
> o Many of the Kerberos applications also use com_err.h which is not 
> supplied.


profile.h and com_err.h are in the userspace kerberos code tree, which 
is not yet
posted to opensolaris.org. It should be posted sometime in the near 
future (but
don't ask me to define "near", it's out of my control at this point). 
Just be aware
that it is coming, eventually, along with a bunch of other 
crypto-related code and
GSSAPI mechanisms like SPNEGO and DH.

>
> o There is no com_err add_error_table.
>
> o Solaris does not have krb524. So aklog can not use this feature.

krb524 is not part of Solaris and will not be part of opensolaris. We 
made the decision
long ago not to support Kerberos V4 and thus dropped all krb4 related 
code from our
codebase.

>
> But so far it still looks promising to use the Solaris 10 Kerberos and we
> are expecting that Sun will continue to improve the usability of their
> Kerberos support.
>
Thanks for the support and we are working hard on improving support for
developers and end-users.

-Wyllys