Mac OS X: Calling krb5_init_context and krb5_cc_resolve from a Directory Service Plugin

Alexandra Ellwood lxs at MIT.EDU
Mon Jan 20 14:02:00 EST 2003

>A quick check in the latest Security Framework for 10.2 does not define
>"SessionGetInfo()".  This must be a private API call, since it isn't in any
>header file, but is in the framework.

Yes, it's private currently.  You can find the sources and relevant 
header in the Darwin repository under the "Security" module.

>Is there some reason that the credential cache code is not publicly
>available for the OS X version (besides it using private API calls)?  This
>would be very useful for debugging.
>There seems to be a lot of important source code (ccache for example) that
>is not available for the OS X version of Kerberos.  This not only makes
>debugging more difficult, but prevents others from verifying the correctness
>of the implementation.

Historically KfM contained a lot of encumbered code -- ie: code with 
licenses which wouldn't let us open source.  Now that we no longer 
support Mac OS 9, most of the non-Apple encumbered code is gone.  We 
are in the process of working out a solution with Apple.

While we would like to do this as soon as possible, we have very few 
resources.  As a result, important features which people have been 
clamoring for (eg: DNS support) take precedence.  That's why it's 
taken so long.

In the meantime, I would like to emphasize again that the MIT 
Macintosh Development team is happy to help developers who are having 
problems with KfM.  Please ask questions and report bugs when you 
encounter problems!  We are trying to make KfM easier for developers 
to use, and your feedback is invaluable.

Hope this helps,

Alexandra Ellwood                                               <lxs at>
MIT Information Systems                     

More information about the krbdev mailing list